In speaking about the cyber-attack on SingHealth’s database, where 1.5 million patients’ information were compromised, PM Lee said, “I don’t know what the attackers were hoping to find.”
The hackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines” before illegally accessing and copying the data of “1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018”.
PM Lee hinted that he had nothing to hide and said: “Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed.”
The following is PM Lee’s statement in full:
SingHealth’s database has experienced a major cyber-attack. 1.5 million patients have had their personal particulars stolen. Of these, 160,000 also had their outpatient medication data compromised. I am personally affected, and not just incidentally. The attackers targeted my own medication data, specifically and repeatedly.
I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.
When SingHealth digitised its medical records, they asked me whether to computerise my own personal records too, or to keep mine in hardcopy for security reasons. I asked to be included. Going digital would enable my doctors to treat me more effectively and in a timely manner. I was confident that SingHealth would do their best to protect my patient information, just as it did for all their other patients in the database.
Of course, I also knew that the database would be attacked, and there was a risk that one day despite our best efforts it might be compromised. Unfortunately that has now happened.
The security and confidentiality of patient information is a top priority. I have ordered the Cyber Security Agency of Singapore – CSA and the Smart Nation and Digital Government Group (SNDGG) to work together with the Ministry of Health, Singapore to tighten up their defences and processes across the board. We are convening a Committee of Inquiry to look thoroughly into this incident. It will doubtless have valuable conclusions and recommendations, which will help us do better.
This will be a ceaseless effort. Those trying to break into our data systems are extremely skilled and determined. They have huge resources, and never give up trying. Government systems come under attack thousands of times a day. Our goal has to be to prevent every single one of these attacks from succeeding. If we discover a breach, we must promptly put it right, improve our systems, and inform the people affected.
This is what we are doing in this case. We cannot go back to paper records and files. We have to go forward, to build a secure and smart nation. – LHL