On 14 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against Singapore Health Services Pte. Ltd. (SingHealth) and Integrated Health Information Systems Pte. Ltd. (IHiS) for what has been coined the “worst breach of personal data in Singapore’s history”.
The unprecedented cyber attack on SingHealth’s patient database system led to the exfiltration of 1.5 million patients’ personal data and nearly 160,000 patients’ outpatient prescription records.
The commission received several complaints from members of the public regarding this data breach and commenced its investigations thereafter.