One in four Singapore residents hit in medical data theft

The "well-planned" attack affected 1.5 million people in the city-state, officials said.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture | Video Games | Breaking News
Sean Keane

A data breach in Singapore resulted in a quarter of the country's population having their information stolen.

Edward Tian/Getty

Hackers stole the personal data of 1.5 million people in Singapore by breaking into a government health database, officials said Friday.

The data, taken between June 27 and July 4, included names and addresses of those who had visited health clinics since May 2015, but not full medical records. However, details about medications were stolen from about 160,000 people, according to a government statement.

"The records were not tampered with, ie no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors' notes, were breached," Singapore's Ministry of Health said in the statement. "We have not found evidence of a similar breach in the other public healthcare IT systems."

It was a "deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs," the government said.

The hackers "specifically and repeatedly targeted" data belonging to Singapore's prime minister, Lee Hsien Loong, whom the BBC notes has survived two battles with cancer.

In 2016, Singapore took measures to avoid attacks like this by cutting off internet access on government computers. However, the impacted computers at the Ministry of Health still had access.

Starting Friday, the government will contact all patients who visited the clinics from May 1, 2015, to July 4, 2018, to inform them of the breach.