State actor most likely involved Credit: Thinkstock Singapore has suffered the most serious attack in the nation-state’s history, impacting 1.5 million patients to SingHealth’s specialist outpatient clinics between 1 May 2015 and 4 July 2018. The level of sophistication needed for such an attack narrows the possibilities of who was responsible, with the most likely scenario a state actor, with only a few countries housing the capabilities to carry out such an attack. When pressed who the authorities believe was responsible, David Koh, CEO of cyber security agency of Singapore, apologised for not being able to disclose more, citing operational security reasons. What data was stolen? At this stage, what Channel Asia understands so far is that the personal information of 1.5 million patients were stolen, including name, NRIC number, address, gender, race and date of birth. Furthermore, 160,000 patients had details related to outpatient dispensed medicines stolen, however, no records were tampered with, from what Channel Asia understands currently. No evidence of other breaches was found, including patient records, such as diagnosis, test results or doctors’ notes, etc. In addition, it has also been disclosed that Lee Hsien Loong – Singapore Prime Minister – had his personal particulars stolen as well as his outpatient dispensed medicines record, in what was described as “specific and repeated” targetted attacks. Investigations are ongoing in a joint effort by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information Systems (IHiS) with more information expected within the coming days and weeks. “This was a deliberate, targeted and well-planned cyber attack,” said the CSA and IHiS in a joint statement. “It was not the work of casual hackers or criminal gangs.” All patients, whether or not they were affected will receive an SMS notification over the next five days SingHealth has revealed, with patients also able to access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident. While Singapore’s Health Minister, Gan Kim Yong, apologised for the breach and to affected patients, Communications and Information Minister S Iswaran vowed to get to the bottom of the incident. A committee of inquiry is expected to be set up to conduct an independent external review of this incident it was revealed. Behind the breach Channel Asia understands so far that the SingHealth IT system was compromised through an initial breach on a particular front-end workstation, gaining privileged account credentials to gain access to the database. The breach was immediately contained, preventing further exfiltration, CSA disclosed in a statement. When did the attack occur? From what Channel Asia understands, the discovery of the attack occurred on 4 July when IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases; immediately halting the activity upon discovery. On 10 July, investigations confirmed that it was a cyber attack, and the Ministry of Health (MOH), SingHealth and CSA were informed. Meanwhile on 12 July 2018, a police report was made, with investigations ongoing. Channel Asia understands that the attack began 27 June and ended 4 July once IHiS’ database administrators detected the attack and put a stop to it. “No further illegal exfiltration has been detected since 4 July 2018,” declared a joint statement, “all patient records in SingHealth’s IT system remain intact.” In a combined effort, IHiS with the support of CSA, implemented further measures to tighten the security of SingHealth’s IT systems, including temporarily imposing internet surfing separation. Furthermore, additional controls on workstations and servers, reset user and systems accounts and installed additional system monitoring controls, were also enacted. “Similar measures are being put in place for IT systems across the public healthcare sector against this threat,” it was disclosed. Related content brandpost The steep cost of a poor data management strategy Without a data management strategy, organizations stall digital progress, often putting their business trajectory at risk. Here’s how to move forward. By Jay Limbasiya, Global AI, Analytics, & Data Management Business Development, Unstructured Data Solutions, Dell Technologies Jun 09, 2023 6 mins Data Management feature How Capital One delivers data governance at scale With hundreds of petabytes of data in operation, the bank has adopted a hybrid model and a ‘sloped governance’ framework to ensure its lines of business get the data they need in real-time. By Thor Olavsrud Jun 09, 2023 6 mins Data Governance Data Management feature Assessing the business risk of AI bias The lengths to which AI can be biased are still being understood. The potential damage is, therefore, a big priority as companies increasingly use various AI tools for decision-making. By Karin Lindstrom Jun 09, 2023 4 mins CIO Artificial Intelligence IT Leadership brandpost Rebalancing through Recalibration: CIOs Operationalizing Pandemic-era Innovation By Kamal Nath, CEO, Sify Technologies Jun 08, 2023 6 mins CIO Digital Transformation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe