News Centre

Singapore Data Hackers Steal 1.5M Of Personal Data (quarter of the population including the Prime Minister!)

Article by diogo@techpatrol.com.au
July 23, 2018

SHARE THIS POST:

Tech Patrol

Local hackers in Singapore have stolen over 1.5 Million residents personal data, or around a quarter of the countries population, through an attack on SingHealthm – according to officials. 

 

The “Deliberate, targeted and well-planned” attack, according to a Singaporean Government statement. The breach was executed when hackers broke into the country’s Government health database creating over 1.5 Million breaches in personal local data also detailing private medical information of all targeted individuals including Singapore’s Prime Minister, Lee Hsien Loong.

“I am personally affected, and not just incidentally,” Mr Lee said on Friday in a Facebook post, adding that the attackers might have been “hunting for some dark state secret, or at least something to embarrass me”.

“My medication data is not something I would ordinary tell people about, but there is nothing alarming in it,” he added.

 

It has been reported  SingHealth, according to MCI, MOH and IHIS’ database administrators detected unusual activity back in July 4th and the organisation acted immediately to stop it. Including carrying out their own internal investigation, whilst putting in place additional security measures, according to the release.

How Did This Happen?

 

 

It is understood that a device belonging to SingHealth, which is one of the statte’s two major government healthcare groups. SingHealth was infected by a malware that could possibly be linked to the Panda Banker Malware which hackers used to gain access to Banking data. It’s reported that the Malware allowed Hackers to gain access to te confidential database and originally struck sometime between June 27th and July 4th, according to the government.

The organisation, to try and plug leaks from work e-mails and shared documents, has temporarily banned staff from accessing the internet on all 28,000 of its work computers, accrsing to the Straits Times.

Other public healthcare institutions are expected to do the same.

Is Singapore A Target For Hackers?

Singapore has stepped up measures in recent years, including the disconnection of devices for certain ministries in the civil service from the internet, so that they can only operate through a secure intranet.

The government has expressed their warnings of cyber-attacks, claiming that they have been the target of international hackers, but most of these attacks were stopped before they reached any data or caused any harm to systems.

However, it was only late last year when it was reported that a cyber-attack that targeted defence ministry got basic information on military conscripts.

 

Prime Minister Lee Hsien Loong's website was hacked in 2013.
Prime Minister Lee Hsien Loong’s website was hacked in 2013.

 

In 2013 the Singaporean Prime Minister’s official website was “Compromised” by hackers claiming to be members f the notorious hacking group Anonymous.

Anonymous had earlier threatened to target infrastructure in Singapore in what it was said to be a protest against licensing regulations on news websites across the country.

The hackers accessed the website by an unsecured backend and posted the now iconic image or a Guy Fawkes mask – the mask is internationally recognised as the symbol of the Anonymous group – on the front page of the Prime Ministers official website with the words: “It’s great to be Singaporean today.”.

Why Target Health Records?

 

 

According to Eric Hoh, the Asia Pacific president of security company FireEye. Health records are often targeted because they contain valuable information to governments.

“Nation states increasingly collect intelligence through cyber espionage operations which exploit the very technology we rely upon in our daily lives,” he says, adding: “Many businesses and governments in South East Asia face cyber threats, but few recognise the scale of the risks they pose.”

The most common cyber-threats to healthcare are data theft attacks. They typically start from something like a phishing attack. For example, if you are a doctor with access to patients’ records, an attacker may send you an e-mail and convince you to click a link or attachment that downloads a piece of software known as malware to your computer. This is the technique that we believe has been executed against SingHealth.

Take Aways:

  • Always make sure procedures are in place for user email handling.
  • Make sure there is no Malware in your network working away.
  • Please contact us or your Managed service provider for a security check.

Share your thoughts in the Comments section:

Subscribe For The Latest In Technology

Other Posts You May Like

TECH NEWS & UPDATES

Please enter your name.
Please enter a valid email address.
Something went wrong. Please check your entries and try again.

RECENT POSTS

adobe-exploit-tech-patrol

Using Adobe? New Critical Security Updates for Acrobat, Reader and Photoshop CC

Panda-Banker-Malware-Tech-Patrol

PANDA Banker Malware Targeting Financial Institution, Cryptocurrency Exchanges And Social Media

Deloitte-Tech-Patrol

Deloitte Hacked – Clients’ Emails Exposed

White Paper

Enjoy this free eBook

Tech Patrol - Microsoft Office 365

White Paper (Why businesses Are Migrating to Cloud)

  • This field is for validation purposes and should be left unchanged.
singapore-data-hackers-steal-1-5m-of-personal-data-quarter-of-the-population-including-the-prime-minister-tech-success
Scroll to Top