The personal data of 1.5 million patients in Singapore has been hacked recently in the country’s largest cyber-attack. 160,000 of these patients, including Prime Minister Lee Hsien Loong, had their outpatient prescription data stolen as well. The attackers had accessed and copied information such as names, identity card (IC) numbers, addresses, gender, race, and dates of birth. According to investigations by Integrated Health Information Systems, the data was stolen between 27 June and 4 July 2018.
The stolen records were of patients, who visited SingHealth clinics or hospitals from 1st May 2015 to 4th July 2018. All of Singapore’s Smart Nation plans have been paused in light of this attack. One such initiative is the mandatory contribution to the National Electronic Health Record (NEHR) project, which allows the sharing of patient data among hospitals. According to the 2017 Cost of Data Breach Study by Ponemone, a lost or stolen healthcare record fetches US$408.
The hack on SingHealth is the latest example of the vulnerability of digitized health data. Data breaches of this sort have become increasingly common. A study in 2015 suggested that around 29 million digital health records belonging to American citizens were exposed in one way or another between 2010 and 2013. Numerous hacks and breaches have been reported since then, including some targeting DNA registries. Digitizing health data can greatly speed treatment, but the fragmented nature of this information can leave plenty of openings for attackers.