The Department of Health said there has been an unauthorised login to its system and promotional SMS messages unrelated to its services were sent to some 2,700 patients of its dental clinics.
The department said it is investigating the information security incident. It said it observed abnormal activities where unusual messages were sent to the patients through its SMS portal.
The incident was discovered during a regular review of transaction logs.
The department said subsequent investigation revealed that there was an unauthorised login to one of its user accounts on September 14.
“According to the preliminary investigation, there was no downloading of personal data involved. The risk of leakage of personal information is likely to be minimal,” it said.
The department said the account concerned and its SMS services have been suspended until further notice.
The incident was reported to the police and the Office of the Government Chief Information Officer. The department said a report will be made to the Office of the Privacy Commissioner for Personal Data on Thursday.
The department urged patients not to respond to any suspicious SMS messages or click on any dubious links received via SMS.
Members of the public can contact the department at 2970 5955 during office hours if they received an SMS reminder from the dental service in the past two weeks and wished to make further enquiries.
“The Department of Health attaches great concern to this incident and will step up information security for the portal, with additional security measures to be implemented by the service provider before resumption of the SMS service,” it said.
The department has also asked the service provider to submit an investigation report on the incident and will review existing information security measures to avoid similar incidents in the future.