Singaporean Prime Minister Lee Hsien Loong revealed in a Facebook post that SingHealth, the city-state’s largest group of healthcare institutions, had experienced a major cyber-attack, in which 1.5 million patients had their personal particulars stolen.
He said 160,000 of the 1.5 million patients also had their outpatient medication data compromised. “I am personally affected, and not just incidentally. The attackers targeted my own medication data, specifically and repeatedly,” he added.
Lee said the hackers would have been disappointed if they hoped to find some dark state secret or something to embarrass him, because his medication data was not something he would ordinarily tell people about, but “there is nothing alarming in it.”
The prime minister said the security and confidentiality of patient information was a top priority, and he had ordered the Cyber Security Agency of Singapore and the Smart Nation and Digital Government Group to work together with the Ministry of Health, to tighten up their defenses and processes across the board.
“We are convening a Committee of Inquiry to look thoroughly into this incident,” he said. “It will doubtless have valuable conclusions and recommendations, which will help us do better.”
Earlier on Friday, the Ministry of Health announced that about 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018 had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth.
The ministry said it had directed the Integrated Health Information System to conduct a thorough review of public healthcare system, with support from third-party experts, to improve cyber threat prevention, detection and response.