E-mail channel and hotline for SingHealth patients whose data was stolen in cyber attack

In Singapore’s worst cyber attack, hackers have stolen the personal particulars of 1.5 million patients.

SINGAPORE - All patients who visited SingHealth's specialist outpatient clinics and polyclinics between the period of May 1, 2015, and July 4, 2018, will be informed as to whether their data was stolen, and how they can seek help.

These notifications will be made through SMS or letters, said SingHealth on Friday (July 20), following an announcement that its database had been the target of a major cyber attack, and patients who sought treatment during that timeframe could have been affected.

The first SMSes were sent out from 6pm on Friday, said SingHealth chief executive Ivy Ng, and all affected patients should receive the messages within the next five days.

For the approximately 1.3 million patients who had their personal particulars - including their name, NRIC number, address, gender, race and date of birth - illegally accessed and copied by hackers, an e-mail address will be provided to which they can write to seek help, Professor Ng said.

As for the 160,000 outpatients who also had the records of their dispensed medicines stolen, a hotline number will be given for them to seek help.

The hotline will be manned by healthcare professionals from 9am to 9pm. "The number (affected) is very large, and we wanted to cater specifically to this group," Prof Ng said.

Explaining the different levels of help provided, Prof Ng added: "There is some sort of risk stratification... There isn't so much fraudsters can do with just the demographic data, which doesn't include mobile phone (numbers) and financial data... so no credit card data and so on was taken," she added.

SPH Brightcove Video
A​bout 1.5 million patients, including Prime Minister Lee Hsien Loong​ ​and a ​few ministers, ​have had their personal data stolen. Some 160,000 people also had their outpatient prescriptions stolen.​

The e-mail channel and hotline will be maintained for as long as necessary, said Prof Ng.

Patients whose mobile phone numbers are not in SingHealth's records will be informed by post within a week

Members of the public can also access the Health Buddy mobile app or SingHealth website at www.singhealth.com.sg to check if they are affected by the incident.

Cyber Security Agency of Singapore chief executive David Koh said the authorities will monitor if the stolen records have been misused.

"We are watching to see if anything appears on the Internet, both in the open and (on) less well-known websites," he said during a press conference on Friday.

Join ST's Telegram channel and get the latest breaking news delivered to you.