Hackers have stolen the personal data of 1.5 million people in Singapore (est. 1/4th of the total population).

A government health database was deliberately targeted in a premeditated attack. The victims are those who visited health clinics between May 1st, 2015 and July 4th, 2018. The data stolen includes names, addresses and medications dispensed to 160,000 patients. The government believes the records have not been edited or deleted, and that no diagnoses, test results or practitioner notes have been stolen. Fortunately, there is no evidence at this time to suggest any information outside of the public healthcare IT systems has been breached. Ongoing investigations show that the data of Prime Minister Lee Hsien Loong was specifically targeted, including his dispensed medication records. The Prime Minister has survived cancer twice.

A computer belonging to SingHealth, one of the state’s two largest government healthcare groups, was infected with malware that allowed the hackers to then gain access to the database. It is estimated the attack occurred between June 27th and July 4th, 2018.

In response, SingHealth has temporarily banned staff from accessing the internet on all 28,000 of their work computers while they strive to stop leaks from work emails and shared documents as well as guarding against other cyber-attacks. Other public healthcare institutions are likely to take similar actions.

Last year, a cyber-attack targeted Singapore’s defense ministry, but the hackers only obtained basic information on military transcripts. In 2013, the Prime Minister’s official website was compromised by members of the hacking group Anonymous. Anonymous has threatened to target Singapore’s infrastructure in protest against licensing regulations on news websites.

These attacks are not isolated to Singapore.

  • In early 2018, Germany’s government IT network was hacked by a group known as Fancy Bear, who attempted to breach the interior ministry’s private networks.
  • Both the US and UK continue to investigate cyber-attacks by the Russian military against Ukraine that spread globally in February 2018. Moscow denied the attacks.
  • The UK National Health Service (NHS) and other organizations were attacked by a group called Lazarus in May 2017, launching the malware known as WannaCry.
  • In 2014, North Korea attacked Sony Pictures after the company released a film featuring leader Kim Jong-un.

“Health records are often targeted because they contain valuable information to governments,” says Eric Hoh, head of FireEye security, who has been following the story. “Many businesses and governments face cyber threats, but few recognize the scale of the risks they pose.”

Cyber-attacks are a very real and increasingly catastrophic threat that impacts lare institutions and small businesses alike. Don’t risk your livelihood over of a lack of proper preparation and weak cyber security infrastructure. Call 914-934-9775 and ask our representative how PCI can protect your business from data breaches.