Singapore has been hit by what local media is calling the country’s worst ever cyber attack. Hackers targeting Singapore’s largest healthcare institution, SingHealth, stole the personal profiles of some 1.5 million patients, as well as the details of prescriptions for 160,000 others. Included in the latter group was Singapore’s Prime Minister, Lee Hsien Loong, who the Ministry of Health said was targeted “specifically and repeatedly.”
The attacks were outlined in a government briefing this morning, which stated that the hack was “not the work of casual hackers or criminal gangs.” It’s not yet known who was behind the attack, but local media reports that it’s believed to be state-sponsored. “This was a deliberate, targeted, and well-planned cyberattack,” said the Singapore government.
Prime Minister Lee expanded on this in a Facebook post, saying: “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.” He added that whoever the hackers were, they were “extremely skilled and determined” and had “huge resources” behind them.
The government has assured citizens that no records were tampered with (i.e. amended or deleted) and no diagnoses, test results, or doctors’ notes taken. As for the 1.5 million patients affected by the attack, the only information lost was their personal profiles. These included their names, addresses, gender, race, date of birth, and national registry numbers, but not medical information. All affected patients will be contacted over the next five days.
(function(d, s, id)
var js, fjs = d.getElementsByTagName(s);
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = ‘https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.0’;
(document, ‘script’, ‘facebook-jssdk’));
The hack on SingHealth is the latest example of the vulnerability of digitized health data. Data breaches of this sort have become increasingly common, with a study in 2015 suggesting that around 29 million digital health records belonging to American citizens were exposed in one way or another between 2010 and 2013. Numerous hacks and breaches have been reported since then, including some targeting DNA registries. Digitizing health data can greatly speed treatment, but the fragmented nature of this information (often stored in different types of records across multiple institutions) often leaves plenty of openings for attackers.
Of particular interest regarding today’s news is the targeting of political figures. Not only was Singapore’s prime minister singled out, but so were a few other (un-named) ministers. As Prime Minister Lee suggested in his Facebook post, hacking the health records of government officials could be done for political purposes, with the attackers hoping to find embarrassing or compromising material. We can expect to see similar attacks in the future.