Hackers have infiltrated Singapore’s government health database in the country’s worst breach of personal data, stealing records on 1.5 million patients including the prime minister’s own personal drug prescriptions, the government said on Friday.
Government officials did not say who might have been behind the attack, but a joint statement by the health and communications ministries suggested a high degree of sophistication.
“Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS)confirmed that this was a deliberate, targeted and well-planned cyberattack,” the statement said.
“It was not the work of casual hackers or criminal gangs.”
The hackers stole personal details and prescription records of patients who visited Singapore’s outpatient clinics between May 1, 2015 and July 4 of this year, the statement said.
“The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines,” the statement said.
Prime Minister Lee said in a Facebook post that he did not know what information the attackers were hoping to find.
“My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it,” he said.
Major cyber attacks have been rare in Singapore, which has invested heavily in cyber security over the past decade. The attack comes as the highly wired and digitalised state has made cyber security a top priority both at home and for its neighbours in the ASEAN regional bloc.
A Health Ministry official, who asked not to be named, said there may be “some inconvenience” as a result of the hack but the full extent of the impact was not immediately clear.
Cyber attacks on healthcare systems have surged in recent years around the globe because medical records can provide information valuable both to government spy agencies and criminal hackers looking to profit from identity theft.
“Medical data contains a trove of information – from personally identifiable data to financial details – that can be used to create a highly sought-after composite of an individual,” cyber security firm RSA’s Asia Pacific advisor Leonard Kleinman said.
“As it could contain any amount and level of information, healthcare institutions are among the most sought-after industries by criminals who can be motivated by a multitude of possible reasons,” he said.
Singapore will set up a commission of inquiry to look into the hack and immediately move to strengthen government defenses against cyber attacks, the Ministry of Communications said in a separate statement.