Singapore Health Services Data Breach Exposes Info on 1.5 Million People
(Jul 20, 2018)
The personal information of over 1.5 million patients of Singapore Health Services for the past three years was compromised following a data breach. The attackers deliberately targeted data regarding health information of the Singapore Prime Minister Lee Hsien Loong. The stolen data includes national registration identity numbers, names, birthdates, addresses, gender, and race information. Medication lists of at least 160,000 patients were also compromised. The attack is reported to have taken place between June 27, 2018 to July 4, 2018. It is believed to have been a state-sponsored attack, though there is no physical evidence to corroborate this.
Recommendation: Leaks of this sort causes individuals to be at a large risk of identity theft and other threats. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed. Organisations need to implement more measures to strengthen security, including additional controls on workstations and servers and resetting user and system accounts.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.