SingHealth to contact all specialist clinics' patients via SMS over data breach

Evarado Alatorre
Julio 20, 2018

The compromised data includes personal information and medication dispensed to patients, but medical records and clinical notes have not been affected, the health and communications ministries said.

These notifications will be made through SMS or letters, said SingHealth on Friday (July 20), following an announcement that its database had been the target of a major cyber attack, and patients who sought treatment during that timeframe could have been affected.

It added that the hackers illegally accessed and copied the data of "1.5 million patients who visited SingHealth's specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018". Officials said hackers didn't edit or delete any patient records, but only exfiltrated it to a remote server.

"The security and confidentiality of patient information is a top priority", Prime Minister Lee said Friday in a Facebook post responding to the hack.

"This was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs", a separate statement from MCI said.

More news: 'I Thought The B**** Was White!'

Initial investigations showed that one SingHealth front-end workstation was infected with malware through which the hackers gained access to the data base.

Data exfiltration occurred between June 27 and July 4, the newspaper reported.

"Perhaps they were hunting for some dark state secret, or at least something to embarrass me". But in a news conference with local media, David Koh, chief executive of the Cyber Security Agency of Singapore, declined to discuss the perpetrators for security reasons.

The hackers did not stop after they were detected, according to the authorities, who said they detected "further malicious activities" as monitoring efforts were stepped up. All patient records in SingHealth's IT system remain intact. Patients can also access the Health Buddy mobile app and SingHealth website to check if they are affected by the breach. Similar measures are being put in place for IT systems across the public healthcare sector against this threat. The country has been applauded for its quick response and public disclosure. The review will cover areas like cybersecurity policies, threat management processes, IT system controls, among others.

"The Minister-in-Charge of Cyber Security will establish a Committee of Inquiry to conduct an independent external review of this incident", the statement concluded.

Otros informes por

Discuta este artículo

SIGUE NUESTRO PERIÓDICO