California-based IT security provider Symantec said a group called Whitefly targeted SingHealth, saying it also tried to compromise Singaporean organisations or multinationals with a presence in the city-state since at least 2017.
Last year the personal details of 1.5 million people were stolen from a state-run health network, including the medical records of Prime Minister Lee Hsien Loong.
The hacking group was primarily interested in “stealing large amounts of sensitive information”, Symantec reported.
The cybersecurity firm said hacking into medical records or infrastructure, such as telecommunications networks, could provide valuable intelligence to foreign governments. It might also yield sensitive information that could be sold on the digital black market.
Brian Fletcher of the cyber-security firm said there were probably five to 20 hackers involved who were “extremely well resourced” and maybe a “state-sponsored espionage group”.
It did not identify any possible foreign powers responsible.
The health data hack was a reminder of the vulnerability of state-run databases as other governments seek to follow Singapore’s example and digitise services. Singapore has developed a network to enable medics in hospitals and clinics to access a central database of health records. That network was not involved in the 2018 hack.
“Identifying who or what organisation is directing or funding that activity is not in the scope or focus of what we do,” Fletcher told the media. “This level of attribution requires the substantial resources, time and access to information that is generally available only to law enforcement or government intelligence agencies.”
The cyberstudy said Whitefly usually tried to remain within an organisation for several months to steal large volumes of data.
“Exactly what they are using [the information] for really depends on who their sponsor is and how they are planning to operate,” Fletcher said.
The behaviour differed from that of a criminal group trying to steal data for profit, he added.
Symantec blamed Whitefly for other attacks in the UK, Russia and Asean. Last year, two Thai banks were hacked after a loan-request site was breached and the Malaysian central bank was targeted in a move to steal money through bogus wire transfers.
“They’re not your everyday smash-and-grab group; these guys are really good. They’re using … a combination of custom tools, commercial hacking tools … it’s not something you’d see in your everyday criminal group,” Fletcher said.
Singapore is a world leader in technology. Picture credit: Wikimedia