1.5 Million Personal Info of Patients, including PM Lee, Stolen from SingHealth in Cyber Attack

The day has come. We are being attacked. I am not talking about “terrorism” (thankfully) but another kind of attack, the Cyber Attack. 1.5 million personal info of patients from SingHealth were stolen.

Every day, Singapore is being cyber-attacked by unknown forces and yesterday, we got to know that they had succeeded via SingHealth’s official announcement.

Out of the 1.5 million patients, 160,000 patients, including Prime Minister Lee Hsien Loong, had their outpatient prescriptions stolen. And it seems that they were targeting PM Lee.

This is the worst cyber attack that happened in Singapore. And according to reports, the cyber attack happened between 27th June and 4th July 2018.

You can read more information here.

In a Facebook post yesterday, PM Lee said that if the hackers are looking for some dark secret, they might be disappointed.

I don’t believe this episode will put a dent in our effort to become a digital nation. In fact, it is a wake-up call for many agencies to be vigilant about the risk of being cyber-attacked.

Following the news of the data breach, Sophos has released a commentary:

Paul Ducklin, Senior Technologist at Sophos said, “The data stolen in this breach is an identity thief’s goldmine. It’s a startling reminder to all Singaporeans that there is no such thing as ‘cyber attackers would never care about little old me’ – once your data is scooped up in a cybersecurity blunder of this sort, you simply can’t control where it will go next. Anyone affected in this breach has no choice but to assume that their personal information will end up for sale in the cyber underground, ready for active abuse by cybercrooks.”

Ducklin recommends:

  1. Keep a careful watch over all your financial statements – bank accounts, payment cards, loans, pension funds, taxation records and so on. Report any suspicious activity immediately. (But please read points 3 and 4 below!)
  2. Talk to your financial institutions about locking down account details in order to make it harder for cyber criminals to try to take over your accounts or to apply for services in your name.
  3. Be especially suspicious of unsolicited communications that arrive in the wake of this breach offering any sort of help or asking for further details “to assist in the investigation.” Social engineers and scammers are experts at preying on people’s fears (and their willingness to help) after security incidents of this sort.
  4. If you need help or advice on what to do next, don’t use contact information, web links or phone numbers that were sent to you online – look for contact information on existing invoices, on printed correspondence you received in the past, or by visiting an organisation’s office in person.

“Whether this was a lone hacker who got lucky, a well-oiled cybercrime gang or a state-sponsored attack team won’t get your personal data back, and it won’t change the fact that you can’t control who gets it next. Keep your own eyes open for any attempt to abuse your personal data in the future,” says Ducklin.

If you need to know more on whether you are one of the 1.5 million patients affected, read this post. I am sure you can find your answer.