Singapore Minister Says Breach May Have Been State-Linked

Singapore’s Cabinet Minister for Communications and Information S. Iswaran said on Monday (Aug. 6) that the cyberattack that infiltrated 1.5 million health records in the country last month may have come from attackers who are state-linked.

According to a report in Associated Press citing comments made in Parliament, the cabinet minister said the cyberattack on SingHealth records was the work of an “advanced persistent threat” group. Those groups who conduct carefully planned cyberattacks to steal information or disrupt operations are usually state-linked, the minister said.

Although Iswaran would not specify which state he thinks is behind the attack, he did say that other advanced persistent threat groups include the hackers that breached the U.S. Democratic National Committee and stole more than 20 million personnel records from the United States Office of Personnel Management. The DNC hack was blamed on Russia, while the other one was blamed on China, noted the AP.

The SingHealth attack was the country’s most serious breach, noted Iswaran. He said that while it is impossible to completely remove the risk of more hacks, the government is doing its best to strengthen its cybersecurity. “Ensuring cybersecurity is a ceaseless battle, like our battle against terrorism. It involves changing technology and sophisticated perpetrators who are constantly developing new techniques and probing for fresh weaknesses,” he said.

Late last month, Singapore experienced a major cyberattack on its health database. The personal information of 1.5 million individuals was reportedly stolen in the incident. A statement from the government at the time said that “investigations by the Cyber Security Agency (CSA) of Singapore and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack.” The joint statement from the Ministry of Communications and Information and the Health Ministry said that “it was not the work of casual hackers or criminal gangs.”

Patients who went to clinics over a period ranging from May of 2015 to July 4 of 2018 had information of a non-medical nature accessed and duplicated. And the hackers had another target: They “specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines,” according to the statement.