Hackers searched for PM Lee's records using his NRIC number

SINGAPORE - Hackers that infiltrated the SingHealth database had specifically searched for Prime Minister Lee Hsien Loong's personal data and outpatient prescription records using his NRIC number.

He was one of the three people who were targeted in specific queries made to the database using their identity card numbers.

The other two were not named though they are not known to be VIPs, according to the testimony of one witness on Monday (Sept 24), the second day of the public hearing to investigate the SingHealth cyber attack.

The hearings are held before a Committee of Inquiry (COI) convened in private on July 24 to inquire into the events contributing to the breach, which took place between June 27 and July 4 this year.

The four-member COI, which is headed by former chief district judge Richard Magnus, held its first hearing behind closed doors on Aug 28.

The SingHealth cyber attack - the worst of its kind in Singapore, which compromised the personal data of 1.5 million patients - led to the leakage of outpatient prescription information of 160,000 people, including PM Lee and several ministers.

During the hearing on Monday, three employees from Integrated Health Information Systems (IHiS) gave evidence on what had gone on behind the scenes when the attack was detected.

One of them, Mr Chai Sze Chun, an assistant lead analyst in IHiS' service delivery division, said a number of queries had been run on the Sunrise Clinical Manager database between June 26 and July 8.

These started off as reconnaissance on the database, before the person made direct queries on three NRIC numbers. One of these belonged to PM Lee; the other two belonged to "non-VIPs".

The rest of the queries made were more general and related to patient demographic data, Mr Chai said.

For example, one query sought to retrieve the first 20,000 records of patient demographics from the Singapore General Hospital.

The high-level COI heard on the first day of the hearing last Friday that part of the problem leading to the attack was a lack of situational awareness and a tardy response.

This article was first published in The Straits Times. Permission required for reproduction.