SingHealth, the largest health care institution in Singapore has suffered a massive data breach in which records of over 1.5 million patients who visited SingHealth’s polyclinics and clinics between from May 1, 2015, to July 4 this year – One of the victims of the breach is the Prime Minister of Singapore Lee Hsien Loong while prescription details of 160,000 patients including government ministers.
The attack took place between June 27, 2018, and July 4, 2018, when unknown hackers breached SingHealth’s IT system and stole data such as names, addresses, date of birth, race, gender and National Registration Identity Card numbers while medical data remained unaffected.
According to a joint press release from the Ministry of Health (MOH) and Ministry of Communications and Information (MCI) “The attackers specifically and repeatedly targeted Mr. Lee’s personal particulars and information on his outpatient dispensed medicines.”
It is noteworthy that in 1992, PM Lee was diagnosed with Lymphoma, a group of blood cancers and underwent successful chemotherapy. However, it is unclear why hackers were keen on stealing Lee’s data as stated by government ministries.
In a Facebook post, Mr. Lee said that “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
Mr. Lee also pointed out that “Those trying to break into our data systems are extremely skilled and determined. They have huge resources, and never give up trying.”
The breach is being investigated by cybersecurity specialists and law enforcement agencies. Initial investigations as revealed by StraitsTimes showed that one SingHealth front-end workstation was infected with malware which the hackers used to gain access to the database.
“We have been made aware that some people have received the fake text (SMS) message below. Please note that this is NOT from SingHealth. Please be assured that NO phone number, financial information, or other patient medical records have been illegally accessed.”
“The information is highly valued on the Dark Web; often fetching prices of $300-$500 USD per record,” said Absolute‘s Director of Solutions, Josh Mayfield. “SingHealth’s endpoints was compromised with malware. So why didn’t anyone know it was happening? Often, detection systems are calibrated to spot anomalous behavior. But when an endpoint has access to patient records, it does not cause any alarms when that trusted device is accessing patient data, which it does all the time without incident. This dwell time for the attacker was extensive, allowing 1.5 million records to be swiped without notice.
SingHealth’s breach came days after America’s largest diagnostics service LabCorp suffered a massive data breach in which putting millions of patients’ data at risk. If you are an IT administrator responsible for securing patients data here are 10 simple tips for securing private health data of your patients.
Image credit: Depositphotos