CyberAttack on SingHealth IT System - Information for SingHealth Patients
How do I check if my data has been accessed?
This service allows you to personally check and find out directly if your data has been accessed in the recent cyberattack on SingHealth.
Frequently Asked Questions
A) INCIDENT RELATED
1. I heard that your IT system was hacked. What happened?
SingHealth’s IT system containing patient personal particulars and information on outpatient dispensed medicines has been the target of a major cyberattack. Forensic investigations have confirmed that this was a deliberate, targeted and well-planned cyberattack, and not the work of casual hackers or criminal gangs.
We have lodged a Police report on the incident, and the matter is currently under Police investigation.
We apologise for the anxiety caused. Please rest assured that additional cybersecurity measures have been implemented to safeguard patients' data.
2. How did SingHealth discover the breach/cyberattack?
SingHealth was alerted by our IT partner IHIS who runs the IT systems for the public healthcare institutions. They detected that there was unusual activities on one of our IT databases. They took immediate action to halt the activities and investigated the incident to ascertain the nature of these activities. They also put in place additional precautionary cybersecurity measures immediately. There was no further illegal data access thereafter. We have lodged a police report and a police investigation is ongoing.
3. What types of data were stolen?
The information illegally accessed and copied were:
a) Patient’s name, NRIC number, address, gender, race and date of birth.
b) Information on outpatient dispensed medicines from 1 May 2015 to 4 July 2018
We would like to assure you that no phone number or other patient medical records such as diagnosis, test results or doctors’ notes or financial information were breached. There is no impact to care as all medical records were not affected and not altered.
4. Will my medical care be affected?
All records in SingHealth's IT system remain intact - there were no modifications or deletions to patient records. Your medical care will not be affected and there is no disruption to our services.
5. Which healthcare institutions are affected?
The following SingHealth institutions were impacted:
- Singapore General Hospital
- Changi General Hospital
- Sengkang General Hospital
- KK Women’s and Children’s Hospital
- National Cancer Centre Singapore
- National Heart Centre Singapore
- Singapore National Eye Centre
- Bright Vision Hospital
- SingHealth Polyclinics (Bedok, Bukit Merah, Marine Parade, Outram, Pasir Ris, Punggol, Sengkang and Tampines).
- NHGP Geylang and NUP Queenstown which were part of SHP before re-clustering in 2018
6. How can I check if my child dependent is affected by the cyberattack?
Please contact us at firstname.lastname@example.org or call our dedicated enquiry line: 6326-5555 (9am to 9pm).
B) SECURITY & PRECAUTIONS
7. What is SingHealth doing to prevent this from happening again? Can you guarantee that it won’t happen again?
We are sorry that this deliberate, targeted and well-planned cyberattack had happened despite the safeguards we have put in place. We apologise unreservedly for causing our patients anxiety.
We take a serious view of this incident. We took immediate actions to stop the breach, and have put in place additional cybersecurity measures to enhance the security of our IT systems.
8. The people who stole my info - what harm can they do?
The information on basic personal particulars, such as those that have been illegally accessed and copied are not sufficient to complete any financial or key Government e-transactions as these would require physical verification or two-factor authentication (2FA) online verifications. However, you are advised to heighten online vigilance and secure your online credentials with strong passwords.
9. I encountered a scam call two weeks ago, is it related to this cyberattack?
We would like to assure that no contact numbers were illegally access in this cyberattack. If you suspect that you may be a victim of a scam, you may wish to report your experience to the Police anti-scam helpline 1800-7226688.
10. What precautions should I take to protect my information online?
- Secure your online credentials by using strong passwords, and change your passwords regularly
- Activate your 2-Factor Authentication (2FA) for key government e-transactions and banking transactions, if you have not done so
- Watch out for signs of phishing
11. Who can I contact if I have other questions/concerns?
We would be happy to address your concerns, please contact us at email@example.com or call our dedicated enquiry line: 6326-5555 (9am to 9pm)
C) HOW SINGHEALTH NOTIFIES OUR PATIENTS
12. How do I verify that the SMS I received from SingHealth is genuine?
You will receive one of these SMSes depending on how you are affected by the cyberattack:
Case 1: You are not affected by the cyberattack
Case 2: Your non-medical personal particulars were accessed but not altered.
Case 3: Your non-medical personal particulars and outpatient dispensed medicines were accessed but not altered.
13. Is SingHealth calling patients to inform them of their status?
Please note that SingHealth is notifying patients by SMS or letter only. We will NOT call you unless you have called us asking for a call back.