Singapore minister: Major cyberattack may be state-linked

SINGAPORE — A cyberattack that breached 1.5 million health records in Singapore has been attributed to sophisticated attackers who may be state-linked, a Cabinet minister said Monday.

S. Iswaran, minister for communications and information, said in Parliament that the government's detailed analysis of last month's cyberattack on SingHealth records found it was the work of an "advanced persistent threat" group.

Such groups comprise sophisticated cyberattackers and are typically state-linked groups "who conduct extended, carefully planned cyber campaigns, to steal information or disrupt operations," Iswaran said.

The attackers used tools that were advanced and sophisticated, "including customized malware that was able to evade SingHealth's anti-virus software and security tools," he said.

Citing national security reasons, Iswaran said he would not reveal which state was thought to be behind the attack.

Iswaran said other recent cyberattacks by such advanced persistent threat groups include the 2016 hacking of the U.S. Democratic National Committee and the 2014 theft of more than 20 million personnel records from the United States Office of Personnel Management.

The former was thought to be the work of Russia, while the later was blamed on China.

The SingHealth cyberattack occurred from June 27 to July 4, and specifically and repeatedly targeted the health records of Singapore Prime Minister Lee Hsien Loong. In the process, the personal particulars of 1.5 million patients — including the outpatient dispensed medical records of 160,000 — were accessed and copied.

Patients' information was not amended or deleted and the hackers did not have access to other records, such as diagnosis documents, test results or doctors' notes.

Iswaran said it was Singapore's most serious breach of personal data. While the country will "do our utmost to strengthen our cybersecurity," he cautioned that it was impossible to completely eliminate the risk of another such attack.

"Ensuring cybersecurity is a ceaseless battle, like our battle against terrorism. It involves changing technology and sophisticated perpetrators who are constantly developing new techniques and probing for fresh weaknesses," he said.

Singapore's government made the attack public on July 20, and four days later convened a Committee of Inquiry to look into the events and make recommendations by Dec. 31.

People also read these

Foreign doctors deem ill Chinese Nobel laureate OK to travel

Jul 9, 2017

Two foreign specialists who visited Liu Xiaobo say the cancer-stricken Nobel Peace Prize laureate...

China clamping down on use of VPNs to evade Great Firewall

Jul 20, 2017

China clamping down on use of VPNs to evade internet controls

The Latest: Death toll rises to 9 after typhoon hits China

Aug 24, 2017

Authorities and state media say the death toll from powerful Typhoon Hato in southern China has...

China says ex-top internet regulator under investigation

Nov 22, 2017

China's former top internet regulator and censor is being investigated by the ruling Communist...

Following Trump's report, China urges US to accept its rise

Dec 19, 2017

China's government has criticized President Donald Trump's decision to label Beijing a rival and...

AseanCoverage is a next-gen news site focusing exclusively on online news from South East Asia.

Contact us: sales[at]aseancoverage.com