E-mail channel and hotline for SingHealth patients whose data was stolen in cyber attack

In Singapore’s worst cyber attack, hackers have stolen the personal particulars of 1.5 million patients.
PHOTO: ST FILE
Adrian Lim 
Updated
Published
July 20, 2018 at 8:38 PM

SINGAPORE - All patients who visited SingHealth's specialist outpatient clinics and polyclinics between the period of May 1, 2015, and July 4, 2018, will be informed as to whether their data was stolen, and how they can seek help.

These notifications will be made through SMS or letters, said SingHealth on Friday (July 20), following an announcement that its database had been the target of a major cyber attack, and patients who sought treatment during that timeframe could have been affected.

The first SMSes were sent out from 6pm on Friday, said SingHealth chief executive Ivy Ng, and all affected patients should receive the messages within the next five days.

For the approximately 1.3 million patients who had their personal particulars - including their name, NRIC number, address, gender, race and date of birth - illegally accessed and copied by hackers, an e-mail address will be provided to which they can write to seek help, Professor Ng said.

As for the 160,000 outpatients who also had the records of their dispensed medicines stolen, a hotline number will be given for them to seek help.

The hotline will be manned by healthcare professionals from 9am to 9pm. "The number (affected) is very large, and we wanted to cater specifically to this group," Prof Ng said.

Explaining the different levels of help provided, Prof Ng added: "There is some sort of risk stratification... There isn't so much fraudsters can do with just the demographic data, which doesn't include mobile phone (numbers) and financial data... so no credit card data and so on was taken," she added.

A​bout 1.5 million patients, including Prime Minister Lee Hsien Loong​ ​and a ​few ministers, ​have had their personal data stolen. Some 160,000 people also had their outpatient prescriptions stolen.​

The e-mail channel and hotline will be maintained for as long as necessary, said Prof Ng.

Patients whose mobile phone numbers are not in SingHealth's records will be informed by post within a week

Members of the public can also access the Health Buddy mobile app or SingHealth website at www.singhealth.com.sg to check if they are affected by the incident.

Cyber Security Agency of Singapore chief executive David Koh said the authorities will monitor if the stolen records have been misused.

"We are watching to see if anything appears on the Internet, both in the open and (on) less well-known websites," he said during a press conference on Friday.

Related Stories
SingHealth database hackers have targeted other systems here since at least 2017: Symantec
Data leaks are serious business and other lessons to learn from SingHealth breach
Tiered model of Internet access being considered for public healthcare sector, says Gan Kim Yong
11 critical sectors to shore up defences in response to SingHealth COI report: Iswaran
Singapore's privacy watchdog fines IHiS $750,000 and SingHealth $250,000 for data breach
Organisations must prepare for cyber breaches, as if already under attack: SingHealth COI chair
COI on SingHealth cyber attack: Change the way security incidents are reported, says CSA chief
SingHealth COI: Communication problems hampered data breach response, says expert witness

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 076/10/2022, MCI (P) 077/10/2022. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2023 SPH Media Limited. All rights reserved.

Back to the top