In another serious data breach attempt, multiple unauthorised log-in attempts were detected on the Health Promotion Board’s (HPB) HealthHub portal over four days, revealed the board today.
After receiving feedback from a user who suspected that her email account has been used without her authorisation to log into the portal, HPB galvanised into action and conducted an investigation.
HPB found out that a "higher than usual" number of attempted log-ins was made on four days – September 28, October 3, October 8 and October 9. The attempts were made with more than 27,000 unique IDs and emails.
Although 98 per cent of the email addresses used were not related to existing HealthHub accounts and the log-in attempts were unsuccessful, 72 accounts were successfully logged in during those time periods.
“The unusual log-in attempts and access were limited to the basic tier of HealthHub, which contains a user's profile, as well as Healthpoints accumulated through participation in HPB programmes. Other e-services require a SingPass and two-factor authentication, and were unaffected,” said HPB.
The 72 accounts that were successfully logged in were subsequently locked. HPB contacted the account holders to inform them of the suspicious activity, and to check if they had made the attempts themselves.
Access to HealthHub e-services and the mobile app were suspended from October 9 to October 14 as a precautionary measure, and has since been restored, HPB said.
Notably, HPB owns the HealthHub portal and is being operated by Integrated Health Information Systems (IHiS), which runs the IT systems of all public healthcare systems in Singapore.
Singapore’s health system was targeted with the most serious breach of personal data in the country’s history as 1.5 million SingHealth patients’ records were accessed and copied while 160,000 of those had their outpatient dispensed medicines’ records taken.
The personal data taken from the 1.5 million patients included their names, NRIC numbers, address, gender, race and date of birth. The Committee of Inquiry was formed to investigate the matter.