State actor most likely involved

Singapore has suffered the most serious attack in the nation-state’s history, affecting 1.5 million patients who visited SingHealth’s specialist outpatient clinics between 1 May 2015 and 4 July 2018.

The level of sophistication needed for such an attack narrows the possibilities of who was responsible. The most likely scenario is a state actor, as only a few countries have the capabilities to carry out such an attack.

When pressed on who the authorities believe was responsible, David Koh, CEO of the Cyber Security Agency of Singapore, apologised for not being able to disclose more, citing operational security reasons.

What data was stolen?

At this stage, Channel Asia understands that the personal information of 1.5 million patients was stolen, including name, NRIC number, address, gender, race and date of birth.

Furthermore, 160,000 patients had details related to outpatient dispensed medicines stolen. However, no records were tampered with, from what Channel Asia currently understands.

No evidence was found of other breaches, including of patient records such as diagnosis, test results or doctors’ notes.

In addition, it has been disclosed that Singapore Prime Minister Lee Hsien Loong had his personal particulars and his outpatient dispensed medicines record stolen, in what was described as “specific and repeated” targeted attacks.

Investigations are ongoing in a joint effort by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information Systems (IHiS), with more information expected within the coming days and weeks.

“This was a deliberate, targeted and well-planned cyber attack,” said the CSA and IHiS in a joint statement.
“It was not the work of casual hackers or criminal gangs.”

All patients, whether or not they were affected, will receive an SMS notification over the next five days, SingHealth has revealed. Patients can also use the Health Buddy mobile app or the SingHealth website to check whether they are affected by this incident.

While Singapore’s Health Minister, Gan Kim Yong, apologised for the breach and to affected patients, Communications and Information Minister S Iswaran vowed to get to the bottom of the incident.

A committee of inquiry is expected to be set up to conduct an independent external review of this incident, it was revealed.

Behind the breach

Channel Asia understands so far that the SingHealth IT system was compromised through an initial breach on a particular front-end workstation, with the attackers then obtaining privileged account credentials to gain access to the database.

The breach was immediately contained, preventing further exfiltration, CSA disclosed in a statement.

When did the attack occur?

From what Channel Asia understands, the attack was discovered on 4 July, when IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases and immediately halted the activity.

On 10 July, investigations confirmed that it was a cyber attack, and the Ministry of Health (MOH), SingHealth and CSA were informed. Meanwhile, on 12 July 2018, a police report was made, with investigations ongoing.

Channel Asia understands that the attack began on 27 June and ended on 4 July, once IHiS’ database administrators detected the attack and put a stop to it.

“No further illegal exfiltration has been detected since 4 July 2018,” declared a joint statement, “all patient records in SingHealth’s IT system remain intact.”

In a combined effort, IHiS, with the support of CSA, implemented further measures to tighten the security of SingHealth’s IT systems, including temporarily imposing internet surfing separation.
Furthermore, additional controls were placed on workstations and servers, user and systems accounts were reset, and additional system monitoring controls were installed.

“Similar measures are being put in place for IT systems across the public healthcare sector against this threat,” it was disclosed.