The culprits behind the massive cyberattack on SingHealth’s database were likely acting on the orders of a nation-state, according to a cybersecurity expert.
The attack, which resulted in the theft of 1.5 million patients’ records, seemed to target the data of Singapore Prime Minister Lee Hsien Loong. Investigations launched by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHIS) determined that the “deliberate, targeted and well-planned” breach was not engineered by casual hackers or small-time criminal gangs.
According to Eric Hoh, Asia-Pacific president of cybersecurity firm FireEye, the SingHealth attack was quite different from the run-of-the-mill cyberattacks that aim to sell stolen data or use it for ransomware.
Stolen medical records of high-ranking government officials such as PM Lee can be used to “coerce” the person into revealing sensitive information or to give in to other demands, Hoh told Channel News Asia.
According to Hoh, the SingHealth attack is likely the work of a nation-state actor.
“This was an advanced persistent threat (APT) and the nature of such attacks are that they are conducted by nation states using very advanced tools,” he said.
Furthermore, the perpetrator(s) repeatedly tried to access the SingHealth database even after being detected. According to Hoh, this is a “typical signature” of a nation-state actor.
Lee said that he does not know the motives of the people behind the attack.
“Perhaps they were hunting for some dark state secret, or at least something to embarrass me,” Lee said in a Facebook post. “If so, they would have been disappointed.
“My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it,” he added.