SingHealth cyber attack: How to check if you are affected, and what you need to know

The personal data of more than 1.5 million patients, including Prime Minister Lee Hsien Loong, were stolen in the cyber attack. PHOTO: BLOOMBERG
SPH Brightcove Video
A​bout 1.5 million patients, including Prime Minister Lee Hsien Loong​ ​and a ​few ministers, ​have had their personal data stolen. Some 160,000 people also had their outpatient prescriptions stolen.​

SINGAPORE - SingHealth, the largest group of healthcare institutions here, was the target of a major cyber attack, the authorities said on Friday (July 20).

About 1.5 million patients, including Prime Minister Lee Hsien Loong, have had their personal data stolen in Singapore's most serious cyber attack.

Here is what you need to know about the case.

1. What happened?

About 1.5 million patients who visited SingHealth's specialist outpatient clinics and polyclinics from May 1, 2015, to July 4, 2018, had their personal particulars illegally accessed and copied.

The data stolen included name, NRIC number, address, gender, race and date of birth. About 160,000 of these patients also had their outpatient prescriptions stolen.

The authorities said this was a "deliberate, targeted and well-planned cyber attack", and the attackers specifically and repeatedly targeted PM Lee's personal particulars and information on medicine that had been dispensed to him.

2. How was the attack detected?

On July 4, database administrators from Integrated Health Information System (IHIS), the agency which runs the IT systems of public healthcare institutions, detected unusual activity on one of SingHealth's IT databases.

They investigated the incident, and put in place additional cyber-security precautions.

On July 10, investigations confirmed it was a cyber attack, with the data stolen between June 27 and July 4.

SingHealth lodged a police report on July 12 . Police are investigating.

More malicious activities were observed during heightened monitoring. But no more data has been stolen. Healthcare services were not disrupted and patient care not compromised during the attack, said the authorities in a press statement on Friday.

3. How do you know if your data has been stolen?

SingHealth will be progressively contacting all patients who visited its specialist outpatient clinics and polyclinics from May 1, 2015, to July 4, 2018, to notify them if their data has been copied.

All patients, whether or not their data has been compromised, will also receive an SMS notification over the next five days. They can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident.

SingHealth is Singapore's largest group of healthcare institutions, including public hospitals such as Singapore General Hospital, Changi General Hospital, KK Women's and Children's Hospital and Sengkang General Hospital.

The group also includes national speciality centres: National Cancer Centre, National Heart Centre and Singapore National Eye Centre.

SingHealth also runs polyclinics in Bedok, Bukit Merah, Marine Parade, Outram, Pasir Ris, Punggol, Sengkang and Tampines, as well as Bright Vision Hospital. Two other polyclinics in Queenstown and Geylang used to be under SingHealth.

4. What happens next?

The Health Ministry has directed IHIS to conduct a thorough review of the public healthcare system to improve cyberthreat prevention, detection and response.

The Cyber Security Agency will work with the 11 key sectors - such as energy and banking - to enhance cyber security in their systems.

The authorities will also not introduce any new ICT (information and communications technology) systems while they review existing cyber-security measures and implement any additional security safeguards.

Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, has convened a committee of inquiry to look into the attack.

Chaired by retired Senior (now termed Chief) District judge Richard Magnus, the committee will establish the factors leading to the attack and recommend measures to better manage and secure public sector IT systems against similar attacks in the future.

5. Have there been other security breaches here?

The SingHealth cyber attack is the largest breach in Singapore to date, eclipsing ride-hailing app Uber's announcement in December 2017 that the personal information of 380,000 users in Singapore had been compromised in a breach the year before.

In another case, the personal data of 5,400 customers from AXA Insurance was compromised in a data breach in September 2017.

In May 2017, the National University of Singapore and Nanyang Technological University were hit by sophisticated cyber attacks aimed at stealing government and research data.

In February 2017, the details of 850 personnel were stolen in a breach of Mindef's i-net system, with experts saying it could have been a state-sponsored attack.

Join ST's WhatsApp Channel and get the latest news and must-reads.