SingHealth’s IT system containing patient personal particulars and information on outpatient dispensed medicines has been the target of a major cyberattack. Forensic investigations have confirmed that this was a deliberate, targeted and well-planned cyberattack, and not the work of casual hackers or criminal gangs.
We have lodged a Police report on the incident, and the matter is currently under Police investigation.
We apologise for the anxiety caused. Please rest assured that additional cybersecurity measures have been implemented to safeguard patients' data.
SingHealth was alerted by our IT partner IHIS who runs the IT systems for the public healthcare institutions. They detected that there was unusual activities on one of our IT databases. They took immediate action to halt the activities and investigated the incident to ascertain the nature of these activities. They also put in place additional precautionary cybersecurity measures immediately. There was no further illegal data access thereafter. We have lodged a police report and a police investigation is ongoing.
The information illegally accessed and copied were:
We would like to assure you that no phone number or other patient medical records such as diagnosis, test results or doctors’ notes or financial information were breached. There is no impact to care as all medical records were not affected and not altered.
All records in SingHealth's IT system remain intact - there were no modifications or deletions to patient records. Your medical care will not be affected and there is no disruption to our services.
The following SingHealth institutions were impacted:
Please contact us at email@example.com or call our dedicated enquiry line: 6326-5555 (9am to 9pm).
We are sorry that this deliberate, targeted and well-planned cyberattack had happened despite the safeguards we have put in place. We apologise unreservedly for causing our patients anxiety.
We take a serious view of this incident. We took immediate actions to stop the breach, and have put in place additional cybersecurity measures to enhance the security of our IT systems.
The information on basic personal particulars, such as those that have been illegally accessed and copied are not sufficient to complete any financial or key Government e-transactions as these would require physical verification or two-factor authentication (2FA) online verifications. However, you are advised to heighten online vigilance and secure your online credentials with strong passwords.
We would like to assure that no contact numbers were illegally access in this cyberattack. If you suspect that you may be a victim of a scam, you may wish to report your experience to the Police anti-scam helpline 1800-7226688.
We would be happy to address your concerns, please contact us at firstname.lastname@example.org or call our dedicated enquiry line: 6326-5555 (9am to 9pm)
You will receive one of these SMSes depending on how you are affected by the cyberattack:
Case 1: You are
not affected by the cyberattack
Case 2: Your
non-medical personal particulars were accessed but not altered.
Case 3: Your
non-medical personal particulars and outpatient dispensed medicines were accessed but not altered.
Please note that SingHealth is notifying patients by SMS or letter only. We will NOT call you unless you have called us asking for a call back.
Subscribe to our mailing list to get the updates to your inbox