Singapore’s Giant Healthcare Hack

In the worst cyber-attack in Singapore's history, hackers broke into the computers of SingHealth, the Republic's largest public healthcare group, and scooped up personal information on 1.5 million patients in June 2018. 

Of these, 160,000 people, including Prime Minister Lee Hsien Loong and a few ministers, had their outpatient prescription information stolen as well.

At a press conference on July 20th, the authorities said that the attackers "specifically and repeatedly" targeted data on PM Lee.

Mr David Koh, chief executive of the Cyber Security Agency of Singapore, said: "The attack was a deliberate, targeted and well-planned cyber-attack." He ruled out casual hackers and criminal gangs, but refused to be drawn on who might be behind the attacks.

Cybersecurity experts commented that, given the nature of the attacks, these were likely to be state-organised or sponsored, with just a few key countries such as China, Russia and the United States having the capacity to mount such a sophisticated attack.

A Committee of Inquiry (COI) will be convened to establish the events that led to the breach and recommend measures to better secure public sector IT systems.

Database administrators of the Integrated Health Information Systems first detected unusual activity on July 4, and acted immediately to halt the activity. However, subsequent investigations established that hackers had breached the system a week earlier, on June 27.

In that time, the attackers took records of patients who visited nine SingHealth institutions from May 1, 2015, to July 4 this year. The institutions include Singapore General Hospital, Changi General Hospital and SingHealth's network of polyclinics.
What specific information the hackers were after was unclear, although experts said the damage could well have been worse.
For the bulk of the 1.5 million patients, the data taken includes personal details like names, identity card numbers and addresses, and demographic information like a patient's gender, race and date of birth. Credit card numbers and mobile phone numbers were unaffected.

While the hackers copied information on medicine dispensed to 160,000 outpatients, they did not tamper with these records nor gain access to more detailed medical records like diagnosis, test results or doctors' notes.

"I don't know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me," PM Lee said in a Facebook post. "If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it."

Still, the aftermath of the breach will be far-reaching. For a start, all new Smart Nation projects will be paused as the Smart Nation and Digital Government Group reviews the cyber-security measures of government systems and implements any necessary safeguards.

The introduction of a new Singaporean law scheduled later this year, to make all healthcare institutions contribute data to the National Electronic Health Record, will be postponed.

Computers at all health clusters will also be cut off temporarily from the Internet, in much the same way Net access was cut off from computers of public servants last year. SingHealth cut access, and the other two clusters are expected to follow suit.
At the press conference, Health Minister Gan Kim Yong apologised to the patients for the breach. "I am deeply sorry this has happened. The public healthcare family sees our role as not just providing good patient care, but also safeguarding the confidentiality of our patients' data," he said.

All affected patients will be notified over the next five days either through SMS or mail, if their phone numbers are not on record. Patients can also go to SingHealth's website or app to check if their data has been affected.

Despite the attack, the Government stressed that the incident did not mean it was abandoning its technological push. Communications and Information Minister S. Iswaran, who noted there have been numerous similar breaches in countries like the US and Britain, said: 

"This is an ongoing battle. But we must not allow this incident, or any others like it, to derail our plans for a smart nation. We must adapt ourselves to operate effectively and securely in the digital age." 

Straits Times

You Might Also Read: 

Hacker Group Targets Healthcare Providers:

Healthcare Security Should Use More Sophisticated Tools:

 

« MoneyTaker Take Money From A Russian Bank
Five Key Ways to Protect Your Company Against Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

Snow Software

Snow Software

Snow Software is changing the way organizations think about their technology investments, empowering IT and business leaders to drive transformation with precision and agility.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

Wizlynx Group

Wizlynx Group

Wizlynx services cover the entire risk management lifecycle from security assessments and compliance to the implementation of security solutions and provision of Managed Security Services.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

DFI

DFI

DFI is a global leading provider of high-performance computing technology across multiple embedded industries.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

Redhorse

Redhorse

Redhorse provides top-tier consulting to help clients address mission-critical government problems in National Security, Networking Technology, Energy and the Environment.

AB Handshake

AB Handshake

AB Handshake offers a game-changing solution for telecom service providers that eliminates fraud on inbound and outbound voice traffic.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.

Synersoft BLACKbox

Synersoft BLACKbox

Synersoft, the maker of path-breaking and disruptive technology for SMEs, now branded as BLACKbox, is an incubated and invested portfolio company of CIIE - IIM-Ahmedabad.

Defend

Defend

DEFEND are 100% focused on providing managed cybersecurity solutions and services that make a real difference to the cyber resilience of your organisation.