Unauthorised log-in attempts made to HPB’s HealthHub portal of Singapore

In another serious data breach attempt, multiple unauthorised log-in attempts were detected on the Health Promotion Board’s (HPB) HealthHub portal over four days, revealed the board today.

After receiving feedback from a user who suspected that her email account has been used without her authorisation to log into the portal, HPB galvanised into action and conducted an investigation.

HPB found out that a "higher than usual" number of attempted log-ins was made on four days - September 28, October 3, October 8 and October 9. The attempts were made with more than 27,000 unique IDs and emails. 

Multiple unauthorised log-in attempts were detected on the Health Promotion Board’s (HPB) HealthHub portal over four days. Photo courtesy: HealthHub
Multiple unauthorised log-in attempts were detected on the Health Promotion Board’s (HPB) HealthHub portal over four days. Photo courtesy: HealthHub

Although 98 per cent of the email addresses used were not related to existing HealthHub accounts and the log-in attempts were unsuccessful, 72 accounts were successfully logged in during those time periods.

“The unusual log-in attempts and access were limited to the basic tier of HealthHub, which contains a user's profile, as well as Healthpoints accumulated through participation in HPB programmes. Other e-services require a SingPass and two-factor authentication, and were unaffected,” said HPB.

The 72 accounts that were successfully logged in were subsequently locked. HPB contacted the account holders to inform them of the suspicious activity, and to check if they had made the attempts themselves.

Access to HealthHub e-services and the mobile app were suspended from October 9 to October 14 as a precautionary measure, and has since been restored, HPB said.

Notably, HPB owns the HealthHub portal and is being operated by Integrated Health Information Systems (IHiS), which runs the IT systems of all public healthcare systems in Singapore.

Singapore’s health system was targeted with the most serious breach of personal data in the country’s history as 1.5 million SingHealth patients’ records were accessed and copied while 160,000 of those had their outpatient dispensed medicines’ records taken.

The personal data taken from the 1.5 million patients included their names, NRIC numbers, address, gender, race and date of birth. The Committee of Inquiry was formed to investigate the matter.

Author
CtoI News Desk
CtoI News Desk – CtoI

Singapore-headquartered online media company targeting Indian Diaspora across Singapore, US, UK and Dubai. Connected to India covers developments around Indians abroad, informing, engaging and entertaining its audiences.

Comments
Poll

Which service do you use to transfer money for personal use to India?

  • Bank Transfer
  • Remittance services
  • Paypal
  • Wire Transfer services like Western Union, Remit2India
  • International Money Order
Answer
Write your story

Contribute an Article

Learn more