The health records and non-medical personal information of 1.5 million patients, including Singapore Prime Minister Lee Hsien Loong who was specifically targeted in the "unprecedented" attack, have been stolen, authorities said Friday.
The data of patients who visited SingHealth's specialist outpatient clinics and polyclinics between May 2015 and July 4 this year have been illegally accessed and copied, and the data includes sensitive information such as date and place of birth and address, they added.
In the biggest data breach in the city-state's history, a government database was broken into in a "deliberate, targeted and well-planned" strike, the health and information ministries said in a joint statement.
"Attackers specifically and repeatedly targeted the personal particulars and outpatient information of Prime Minister Lee Hsien Loong," health minister Gan Kim Yong told a press conference.
Forensic analysis by Singapore's Cyber Security Agency "indicates this is a deliberate, targeted, and well-planned cyberattack and not the work of casual hackers or criminal gangs," he added.
Officials declined to comment on the identity of the hackers, citing "operational security", but said the prime minister's data has not shown up anywhere on the internet.
"I don't know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me," Lee wrote on Facebook.
"My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it."
Hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted "unusual activity", authorities said.
The compromised data includes personal information and medication dispensed to patients, but medical records and clinical notes have not been affected, the health and communications ministries said.
Data for sale
"Health records contain information that is valuable to governments," said Eric Hoh, Asia-Pacific president of cyber-security firm FireEye.
"Nation states increasingly collect intelligence through cyber-espionage operations which exploit the very technology we rely upon in our daily lives."
Earlier this month, the U.S. National Intelligence Director Dan Coats described Russia, China, Iran and North Korea as the "worst offenders" when it came to attacks on American "digital infrastructure".
Some hackers have in the past offered stolen data and software for sale online.
Wealthy Singapore is hyper-connected and on a drive to digitize government records and essential services, including medical records which public hospitals and clinics can share via a centralized database.
But authorities have put the brakes on these plans while they investigate the cyberattack. A former judge will head a committee looking into the incident.
While the city-state has some of the most advanced military weaponry in the region, the government says it fends off thousands of cyberattacks every day and has long warned of breaches by actors as varied as high-school students in their basements to nation states.
In his Facebook post about the attack, Lee warned that "those trying to break into our data systems are extremely skilled and determined. They have huge resources, and never give up trying."
Following the announcement, Singapore's cyber security agency has also put out two advisories advising web administrators and members of the public to protect personal data. This included complex instructions to secure website domains and just simply watching out for suspicious information requests.
A new Cybersecurity Act passed earlier this year requires those providing essential services -- including government, healthcare and security -- to secure their web infrastructure and report any major incidents.
In 2017, hackers broke into a defense ministry database, stealing the information of some 850 army conscripts and ministry staff.