The personal data of 15L Singapore citizens were targeted in the city state's "biggest ever data breach," authorities said today.
PM Lee Hsien Loong was "specifically and repeatedly target(ed)," including his particulars and outpatient dispensed medicines.
"Personal data" included name, address, race and NRIC numbers. Medical records like past illnesses and examination reports weren't affected.
Now, security measures have been tightened, official said.
Nothing alarming in my medication data: PM
"I don't know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or something to embarrass me. If so, they would have been disappointed... There is nothing alarming in (my medication data)," Loong said in a statement.
The breach was detected after eight days
The breach happened in SingHealth's IT database during June 27-July 4. Patient records of those who visited specialist outpatient clinics during May'15-July'18 were accessed and copied.
It was detected on July 4, when officials of the Integrated Health Information System (IHIS) detected "unusual activity."
They immediately upped security while continuing to monitor it. By July 9, they concluded it was a cyberattack.
Attack was deliberate, targeted and well-planned: Statement
Top ministers and officials addressed a press conference today, calling it an "unprecedented" attack that was "deliberate, targeted and well-planned." However, they didn't reveal details citing "operational security." "We have not found evidence of a similar breach in the other public healthcare IT systems."
Authorities take several strict security measures
Officials said they've taken strict security measures, including imposing internet separation policies, additional control on workstations and servers, more monitoring controls and resetting of user accounts.
SingHealth will contact all affected patients and notify them. Those unaffected will also receive alerts through phone.
IHIS will conduct a thorough review of the public healthcare system, with help from third parties.
A Committee of Inquiry will be established.
Last year saw at least three major attacks in Singapore
This was the largest cyber attack in Singapore till date, but similar breaches have been reported before.
Last year itself saw several attacks. In December, Uber announced data of nearly 4L Singaporean users had been hacked.
In September, personal information of 5,400 AXA Insurance customers was compromised.
In May, the National University of Singapore and Nanyang Technological University was targeted for government and research data.