1.5 million personal data stolen in Singapore

Singapore has suffered a cyberattack in which data have been stolen from 1.5 million health care patients, including those of the prime minister, as reported by the Health Minister. Stolen data, including name, birthdate, gender, address and racial group, belong to patients who went to the centers of the largest group of health institutions in the country (SingHealth) between May 1, 2015 and the July 4, 2018. Medical prescriptions of 160,000 ambulatory patients were also accessed.

The first sign of unusual activities was detected on July 4, 2018 by Integrated Health Information Systems (IHiS), which is the technology agency of the public health sector and responsible for managing the IT systems of local public health institutions. The agency acted immediately to stop the illegal activities and implemented additional cybersecurity precautions, while conducting further investigations into the incident. Six days later, on July 10, IHiS informed the Health Minister and the cybersecurity agency of Singapore (CSA) once the theft of the information was confirmed, which according to the investigations was finally originated on June 27. According to some cybersecurity providers, the compromised data can be found for sale on the Dark Web.