TARGET: SingHealth Patient Data Breach

Singapore authorities reported on a cyber-attack affecting SingHealth, the largest group of healthcare institutions in Singapore. This cyber-attack is the largest known cyber-attack targeting organizations based in Singapore that has been reported by Singapore news media. The cyber-attack appears to have resulted in a data breach affecting around 1.5 million patients who visited SingHealth between May 1, 2015 and July 4, 2018. The data breach included personally identifiable information such as names, NRIC, address, gender and race. Around 160,000 of these patients also had their outpatient prescriptions stolen. The Prime Minister of Singapore’s personal information was targeted as part of the attack.

The attack was first identified by database administrators from the Integrated Health Information System (IHIS) on July 4, 2018, when they identified anomalous activity on one of SingHealth’s IT databases. By July 10th, investigators confirmed it was a cyber-attack, with data stolen between June 27 and July 4.

Although attribution to the exact party that performed the attack is speculative with the data that is publicly available, a statement by the Singapore Health Ministry stated that “It [the attack] was not the work of casual hackers or criminal gangs.” We expect to be able to understand more about the attackers once more technical data is available.

Proficio Threat Intelligence Recommendations:

  • Ensure that any sensitive data is encrypted, and limit the access of employees and other stakeholders according to their roles, following the principle of least privilege. Passwords that are stored should be encrypted, and strong password policies should be enforced.
  • Review the organization’s data retention policies on the duration and the types of PII data that should be stored. To further limit data exposure, companies are advised to purge customers’ PII once it is no longer needed for business purposes and no longer required by law to be retained.
  • Any potential victim can check if their data have been compromised by accessing the following website:

General Information – Click Here