A complete Q&A for all the questions you might have regarding the cyberattack on SingHealth

Questions and Answers.

Nyi Nyi Thet | Jeanette Tan | July 20, 2018, 07:38 PM

The database of Singapore’s largest group of healthcare institutions, SingHealth, was earlier this month compromised in what the government is describing as a “major cyberattack” — the largest, in terms of the number of particulars stolen.

Here are some answers to questions you might have.

Q: What happened?

A: A major cyberattack, the largest in terms of number of personal particulars stolen.

Q:What was stolen?

A: Mostly non-medical personal particulars (name, NRIC number, address, gender, race, and date of birth), 1.5 million patients to be exact.

But information of 160,000 patients' outpatient dispensed medicines were also exfiltrated in the attack. Even though the aforementioned details were stolen, the government says none were tampered with, modified in any way or deleted.

Q: What was NOT stolen?

A: Technically, almost everything else. Diagnoses, test results, doctors’ notes, and billing information. Personal and family medical histories (apart from the 160,000 patients’ outpatient dispensed medicine).

Q: What does exfiltrated mean?

A: An atas term for stolen.

Q: How many are affected?

A: About 1.5 million patients — including Prime Minister Lee Hsien Loong and a few ministers  — who visited SingHealth’s specialist outpatient clinics and polyclinics.

Q: Which polyclinics are Singhealth polyclinics?

A: Bedok, Bukit Merah, Marine Parade, Outram, Pasir Ris, Punggol, Sengkang, Tampines. Geylang and Queenstown Polyclinic which used to be part of SingHealth.

Q: Whoa, wait, the PM's info was stolen?

A: Yes. His info was specifically and repeatedly targeted. However, initial investigations have revealed his info has not been used or sold online by anyone yet.

Q: When did the attacks happen?

A: The attacks occured between June 27, 2018 and July 4, 2018.

Q: Who did this?

A: The whole operation is considered too complex for any one person or group, which might point to a country being involved, the authorities have said they know the origin country of the attack.

Q: So which country?

A: Dunno, it hasn't been revealed for operational security reasons.

Q: What do I do now?"

A: You can got to Singhealth, using this link.

You can enter your Singpass and check whether you're affected. Be warned, the sheer volume of the people trying to check might sometimes make it hard to check.

Q: When did they find out about the attack?

A: They found out on July 4, at which point, further malicious activities were observed heightened monitoring, no further data was stolen.

Q:What did they do once they found out

A: The attack was confirmed about a week later (on July 10), and reported to the police on the same day.

Q: What are they going to do now?

A: MCI said that the Government "will take immediate action to strengthen our IT systems against similar cybersecurity attacks."

The Cyber Cecurity Agency will also work closely with all 11 key sectors to enhance the cybersecurity of their Critical Information Infrastructure systems.

Q: Has any other Government systems been affected?

A: According to MCI, a scan of all government systems found no evidence of compromise. And any other information kept in SingHealth’s, as well as other public healthcare IT systems, has not been compromised.

More questions, and answers, coming soon.