SingHealth breach: No one taking responsibility

SingHealth group chief executive Ivy Ng's comment to the Committee of Inquiry (COI) report was disappointing on several counts.
SingHealth group chief executive Ivy Ng's comment to the Committee of Inquiry (COI) report was disappointing on several counts.PHOTO: ST FILE

The almost blase tone of the SingHealth group chief executive Ivy Ng comment to the Committee of Inquiry (COI) report was disappointing on several counts (Probe report on SingHealth data breach points to basic failings; Jan 10).

She said: "Since the incident, we have reinforced the culture of personal ownership of cyber defence so that every staff is empowered to identify and report cyber-security threats."

• Since the breach last year, little has been said by the board or the CEO.

• Doesn't the release of the report warrant a press conference, so that the top management can field questions? It is disconcerting that, notwithstanding public pronouncements, no one at the top appears to be taking responsibility, even with the damning COI statement that "the IT cyber-security team could not even recognise a security incident".

The public deserves a more substantive response from those at the top, with an outline of the specifics of the steps that have been taken since the reported incident.

Danny Chow

A version of this article appeared in the print edition of The Straits Times on January 12, 2019, with the headline 'SingHealth breach: No one taking responsibility'. Print Edition | Subscribe