One Fourth of the Population in Singapore Affected in Health Records Hack

Not only are data hacks and breaches becoming more recurrent, but their size is becoming truly astronomical. Following the Exactis fiasco – a marketing and data-aggregation company that left information about every adult living in the US out in the open – hackers have managed to glean data on about a quarter of the population in Singapore.

Hackers broke into the government health database and stole data belonging to some 1.5 million people. People affected comprise individuals that have visited clinics between May 1st, 2015 and July 4th of this year. The stolen data contained names and addresses of those individuals; the good news is that the data did not include medical records, aside from information on their medicine in a number of instances – 160,000 individuals to be exact.

The government issued a statement saying that “the records were not tampered with, ie no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems.”

How Did It Happen

Hackers were able to use an infected computer belonging to one of the state’s two major government healthcare groups, SingHealth, to gain access to the database. In response, SingHealth has disconnected all 28,000 of its work computers; the connection will be restored once leaks are plugged leaks.

The government on Singapore has been vigilant when it comes to cyber attacks, issuing public warnings and announcing foiled attempts. The government has also disconnected computers at certain civil service ministries and allowed them to operate on intranet only. But these measures haven’t stopped attacks.

Back in 2013, the prime minister’s official website was hacked, allegedly by the hacking group known as Anonymous – the hackers had posted an image of the Guy Fawkes mask, the symbol of the group – on the website.

The same group had also previously threatened to target infrastructure in Singapore in response to the country’s licensing regulations on news websites.

Last year, the defense ministry was targeted with a cyber attack which resulted in only basic information on military conscripts being stolen.