Prime Minister, 1.5m users, health data stolen in cyberattack

A major cyberattack on Singapore’s government health database stole the personal information of about 1.5 million people, including Prime Minister Lee Hsien Loong, the government said on Friday.

The attack, which the government called “the most serious breach of personal data” that the country has experienced, comes as the highly wired and digitalized state has made cyber security a top priority for the ASEAN bloc and for itself.

Singapore is this year’s chair of the 10-member Association of Southeast Asian Nations (ASEAN) group.

“Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS)confirmed that this was a deliberate, targeted and well-planned cyberattack,” a government statement said.

“It was not the work of casual hackers or criminal gangs,” the joint statement by the Health Ministry and the Ministry of Communications and Information said.

About 1.5 million patients who visited clinics between May 2015 and July 4 this year have had their non-medical personal particulars illegally accessed and copied, the statement said.

“The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines,” it said.

A Committee of Inquiry will be established and immediate action will be taken to strengthen government systems against cyber attacks, the Ministry of Communications said in a separate statement.

It did not provide details about what entity or individuals may have been behind the attack.

Lee, in a Facebook post following the announcement, said the breach of his personal medical data was not incidental and he did not know what information the attackers were hoping to find.

“My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it,” he said.