Hackers have stolen personal data in Singapore belonging to some 1.5 million people, or about a quarter of the population, officials say.
They broke into the government health database in a “deliberate, targeted and well-planned” attack, according to a government statement.
Those targeted visited clinics between 1 May 2015 and 4 July of this year.
Data taken include names and addresses but not medical records, other than medicines dispensed in some cases.
“Information on the outpatient dispensed medicines of about 160,000 of these patients” was taken, the statement says.
“The records were not tampered with, ie no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems.”
The data of Prime Minister Lee Hsien Loong, including information on his outpatient dispensed medicines, was “specifically and repeatedly targeted”. Mr Lee has survived cancer twice.
Singapore, a wealthy city state, prides itself on its stability and security.
How were systems breached?
It appears that a computer belonging to SingHealth, one of the state’s two major government healthcare groups, was infected with malware through which the hackers gained access to the database.
They struck some time between 27 June and 4 July, according to the government.
SingHealth has temporarily banned staff from accessing the internet on all 28,000 of its work computers, according to the Straits Times.
The move is aimed at plugging leaks from work e-mails and shared documents as well as guarding against possible cyber-attacks.
Other public healthcare institutions are expected to do the same.