Personal info of 1.5m SingHealth patients stolen in Singapore’s worst cyber attack

The attack on the SingHealth database is believed to be the most serious breach of personal data in Singapore’s history.


The attack, which was carried out at the beginning of July, targeted information linked to patients who visited SingHealth’s specialist outpatient clinics and polyclinics between May 2015 and July 2018. SingHealth said it would be contacting all affected patients.

Around 1.5 million people who visited outpatient clinics from May, 1, 2015, to July 4 this year had their personal data accessed and copied, including names, identification card numbers, addresses, race, gender and dates of birth. Of that total, 160,000 also had their records of dispensed medicines copied too.

Officials said the patients’ information was not amended or deleted. And the hackers did not have access to other records, such as diagnosis documents, test results or doctors’ notes, the statement said.

Singapore is not the only country to be subjected to high-profile attacks by hacking groups. Others include:


– Earlier this year, Germany’s government IT network was attacked by hackers targeting the interior ministries’ private networks. It was reported that a group known as Fancy Bear was responsible

– A cyber-attack crippled the UK’s National Health Service (NHS) and other organisations around the world in May last year. A hacking group in North Korea known as Lazarus is believed to have launched the attack, which involved malware known as WannaCry


press release from Singapore’s Ministry of Health.