The government hasn't revealed any details about the people or groups who may be behind this cyberattack on the digitalized state.
MOH officials said this was not the work of casual hackers or criminal gangs but a deliberate and well-planned attack that sought to gather health information on the country's prime minister.
Around 1.5 million people who visited outpatient clinics from May 1 2015 to July 4 this year had their personal data accessed and copied, including names, identification card numbers, addresses, race, gender and dates of birth.
"Information on the outpatient dispensed medicines of about 160,000 of these patients" was taken, the statement says.
But in a news conference with local media, David Koh, chief executive of the Cyber Security Agency of Singapore, declined to discuss the perpetrators for security reasons.More news: Faith Evans and Stevie J's Wedding Blindsides and Hurts Friends and Family
A data breach in Singapore resulted in a quarter of the country's population having their information stolen.
In a Facebook post late on Friday night, SingHealth said: "We have been made aware that some people have received the fake text (SMS) message below".
It added that the government will take immediate action to strengthen our public sector IT systems and databases to prevent similar cybersecurity breaches like this, and the Committee of Inquiry will conduct an independent external review. SingHealth lodged a police report on July 12.
Initial investigations showed that a SingHealth front-end workstation was infected with malware through which the hackers gained access to the database.
No further data has been stolen since July 4.
Protective measures included resetting all user and systems accounts, placing additional controls on workstations and servers, setting up additional system monitoring controls, and temporarily imposing Internet surfing separation.More news: Iran files lawsuit against United States over sanctions
But authorities have put the brakes on these plans while they investigate the cyberattack.
"All patient records in SingHealth's IT system remain intact", MOH and MCI said.
Of course, I also knew that the database would be attacked, and there was a risk that one day despite our best efforts it might be compromised.
It is a significant breach reminiscent of one at the Office of Personnel Management (OPM) in the U.S., when more than 21 million federal government staff's records were stolen.
Major cyber attacks have been rare in Singapore, which has invested heavily in cyber security over the past decade.
PM Lee said that an investigation has been ordered to get to the bottom of this.More news: Thomas extends Tour de France lead with Alpe d'Huez win