Attempts to hack political players isn’t just an American thing. Lee Hsien Loong, Singapore’s prime minister, has been repeatedly targeted by cyber thieves—and they have accessed a database with information of 1.5 million patients who visited clinics run by SingHealth, the country’s public healthcare system.
The breach includes records for patients who visited SingHealth facilities from May 1, 2015, to July 4, 2018. Database administrators noticed unusual activity on July 4, when they halted activity and investigated the abnormalities. Information accessed and copied included patient names, addresses, dates of birth, race and gender.
“The records were not tampered with, i.e. no records were amended or deleted,” according to a SingHealth release. “No other patient records, such as diagnosis, test results or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems.”
SingHealth stated it will notify all patients who visited clinics during the time frame of the security breach. Investigators have already identified the initial point of entry for the hackers, who accessed a front-end workstation and obtained privileged account credentials to access the database.
While millions of Singaporeans were affected, the hackers targeted the prime minister—an apparent effort to access confidential medical information.
“Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System confirmed that this was a deliberate, targeted and well-planned cyberattack,” according to the SingHealth statement. “It was not the work of casual hackers or criminal gangs. The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines.”