Singapore faced a major cyberattack that stole 1.5 million people’s personal health information, including that of Prime Minister Lee Hsien Loong, the government announced on Friday. Patients who visited SingHealth’s specialist outpatient clinics and polyclinics between May 1, 2015 and July 4, 2018 have had their information stolen, said the press release.

The data, which was illegally accessed and copied, included name, NRIC number, address, gender, race, and date of birth. Additionally, details on the outpatient dispensed medicines of approximately 160,000 of the patients was also taken, said the release.

SEE: IT leader’s guide to cyberattack recovery (Tech Pro Research)

After thorough investigation, the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) determined that the attack was “deliberate, targeted, and well-planned,” according to the release, and not the work of hackers or cyber gangs.

The attackers were even more direct in their targeting of Prime Minister Lee Hsien Loong, attempting repeatedly to obtain his personal information regarding his outpatient dispensed medicines, continued the release.

No further malicious activity has been detected since July 4, and all patient records in SingHealth’s IT system remain in place, said the release. Moving forward, the IHiS and CSA have taken further measures to secure SingHealth’s IT systems. These measures include temporarily imposing internet surfing separation, adding additional controls on servers, resetting user and system accounts, and installing more system monitoring.

The Singapore attack on its citizens and Prime Minister shows the risks associated with a connected health database. Nobody is safe when it comes to a cyberattack, so it’s vital companies keep their critical systems protected and patched, running test attacks to determine any vulnerabilities in their systems.

Click here for advice on how to beef up your organization’s cybersecurity policy.

The big takeaways for tech leaders:

  • A major cyberattack on Singapore health clinics resulted in 1.5 million patients’ data being stolen, along with the Prime Minister’s.
  • The health clinics are cracking down on cybersecurity efforts, but the attack proves how vulnerable connected health databases can be.