Breachers have illegally stolen health records related to over a quarter of city state’s population of Singapore, including Prime Minister Lee Hsien Loong who was the main target in the Singapore’s biggest data violation ever. The attack was first noticed on July 4th by SingHealth.
The body controlling the health service of the state, SingHealth affirmed on July 1st that it was going to discontinue staff access to cloud storage which includes Dropbox, and OneDrive.
The ministries of health and information said government record was hacked. The act was “deliberate, targeted and well-planned” strike, unfolding it as “unprecedented”. Spokesperson refused to disclose the identity of the hackers, calling it operational security and confidential. Health minister Gan Kim Yong said to media conference:
“The Attackers specifically and repeatedly targeted the personal particulars and outpatient information of Prime Minister Lee Hsien Loong.” “It was not the work of casual hackers or criminal gangs,” the government further Stated.
While the state’s advanced military weaponry have long warned about the cyber breaches to Government. The data of patients who visited clinics between May 2015 and 4 July this year was illegally copied.
The PM wrote made a statement about the issue on his Facebook page, Lee said: “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
In 2017, hackers tried to ruin the defense ministry’s database; in previous act they tried stealing the information of almost 850 army drafts and ministry staff data. Officials have called the recent attack “the most serious breach of personal data” in Singapore’s history of hacking.
About 160,000 victims including the PM are among those whose outpatient medication data was compromised. Others had their name, national ID card number, race and date of birth, address and gender breached.