As early as 2016, some SingHealth employees' data such as e-mail addresses and passwords had already been shared on the dark Web, with some attempts made to illegally access SingHealth servers.

Israeli cyber security firm CyberInt detected the illicit activities, and also picked up more dark Web chatter about the possibility of hacking SingHealth in April this year, this time from an Indochina-based threat actor, says its chief executive Amir Ofek.