A cyber attack on Singapore’s public health system which breached records on 1.5 million people targeted the prime minister, officials said.
Image: Lee Hsien Loong
Attackers repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on medicine dispensed to him, the communications and health ministries said. He has been treated for cancer twice.
Police investigations are ongoing.
Singapore’s health and information ministries said a government database was broken into in a “deliberate, targeted and well-planned” strike, describing the attack as “unprecedented”.
“Attackers specifically and repeatedly targeted the personal particulars and outpatient information of Prime Minister Lee Hsien Loong,” health minister Gan Kim Yong told a press conference.
“Forensic analysis by Singapore’s Cyber Security Agency “indicates this is a deliberate, targeted, and well-planned cyber-attack and not the work of casual hackers or criminal gangs,” he added.
Officials declined to comment on the identity of the hackers, citing “operational security”, but said the prime minister’s data has not shown up anywhere on the internet.
“I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me,” Lee wrote on Facebook.
“My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
Hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted “unusual activity”, authorities said.
The compromised data includes personal information and medication dispensed to patients, but medical records and clinical notes have not been affected, the health and communications ministries said.
The attack on SingHealth data involved people who visited outpatient clinics from May 2015 to July 4, when the cyber attack occurred. Their data was copied, but officials say nothing was altered. Some had their records of dispensed medicines copied, itv.com reported.
Mr Lee has been treated for lymphoma and prostate cancer.
SingHealth’s database had a major cyberattack. 1.5m patients, myself included, have had personal data stolen. CSA & SNDGG will work with MOH to tighten up defences & processes. We are convening a Committee of Inquiry to look into this. – LHL https://t.co/lO68rXKfQ3
— Lee Hsien Loong (@leehsienloong) July 20, 2018
He said on Facebook that if the hackers were looking for a dark state secret or something to embarrass him, “they would have been disappointed”.
“Health records contain information that is valuable to governments,” said Eric Hoh, Asia-Pacific president of cyber-security firm FireEye.
“Nation-states increasingly collect intelligence through cyber-espionage operations which exploit the very technology we rely upon in our daily lives.”