72 HealthHub accounts suspected hacked; Singapore e-service shut down for 6 days
About 70 HealthHub accounts are suspected to have been hacked recently, prompting a six-day shutdown of the government e-service in early October.
The attack on HealthHub - a gateway to citizens' medical records, prescriptions and clinic appointments - came on the heels of a cyber attack on SingHealth in June. That attack led to Singapore's biggest data breach, involving the personal data of 1.5 million SingHealth patients.
In a statement on Thursday, the Health Promotion Board (HPB) and Integrated Health Information Systems (IHiS) said they started investigations after a user reported that her e-mail account had been used to access the portal without her authorisation.
IHiS - an agency that manages the IT systems of all public healthcare institutions, including the HealthHub portal - then discovered an unusual increase in traffic to HealthHub on Sept 28 and Oct 3, 8 and 9.
Log-in attempts were made with more than 27,000 unique e-mail addresses, of which 72 accounts were legitimate. These 72 accounts were also suspected to have been breached.
Nevertheless, IHiS and HPB said there was "no evidence of a breach in the HealthHub system".
Also, illegal access was limited to the basic tier of HealthHub, which contains users' self-populated profiles and any Healthpoints accumulated through participation in HPB programmes.
Access to other e-services requires SingPass' two-factor authentication, and thus, more sensitive information such as people's medical data and prescriptions was not exposed.
The 72 compromised accounts were locked. The HPB has contacted the account-holders to alert them to the suspected unauthorised access and to advise them on how they can unlock their accounts and reset their passwords.
As a precautionary measure, access to the HealthHub mobile app and website was suspended from Oct 9 to 14. Access has since been restored.
THE STRAITS TIMES