Cyber Incident Victim: Eye & Retina Surgeons Singapore

On August 6, 2021, Eye & Retina Surgeons Singapore experienced a sophisticated ransomware cyber-attack targeting its Camden Medical branch. The breach compromised servers and multiple computer terminals, resulting in unauthorized access to personal and clinical data of over 73,000 patients. Exposed information included patients’ full names, residential addresses, national identification card numbers, contact details, and clinical records. Financial data such as credit card or bank account details remained unaffected. The clinic confirmed no impact on its other branches or clinical operations, with IT systems subsequently restored securely. Attackers infiltrated administrative networks but failed to access active medical records due to network segregation, as patient care data resided on a separate cloud-based system.

Eye & Retina Surgeons initiated incident response protocols by progressively notifying affected patients starting August 26, 2021. The clinic reported the breach to Singapore’s Personal Data Protection Commission (PDPC) and the Singapore Computer Emergency Response Team (SingCERT). Its IT team collaborated with the Cybersecurity Agency of Singapore (CSA) and the Ministry of Health (MOH) to investigate the attack’s origins and perpetrators. Monitoring revealed no evidence of compromised data being published publicly. MOH confirmed the breached systems operated independently from its networks, including the National Electronic Health Record, and affirmed no prior similar incidents targeting its infrastructure. The ministry announced plans to reinforce cybersecurity advisories to licensed healthcare institutions, emphasizing system hardening and patient data protection. Eye & Retina Surgeons reiterated its commitment to patient confidentiality while maintaining segmented network defenses as a core security measure.