The setting up of a new committee to review and strengthen data security practices across the entire public service takes a whole-of-government approach to an issue that has become critical to Singapore. This is the proliferation of data-related incidents that could dent public confidence in the ability of computerised systems to withstand malicious attacks designed to reveal their vulnerability and, by extension, probe the state's ability to protect necessary secrets. In that context, the Public Sector Data Security Review Committee could not have come sooner. It will look into how data is collected and protected by agencies, vendors and authorised third parties, and recommend improvements.
Cyber attacks have become increasingly egregious. In 2017, the personal details of 850 national servicemen and staff at the Ministry of Defence were stolen, in a breach of Mindef's I-net system. No classified military information is stored on I-net, but the breach was a breach nonetheless. Last year, Singapore suffered its worst cyber attack when hackers stole the personal particulars of 1.5 million patients from the SingHealth database. Of those, 160,000 people, including Prime Minister Lee Hsien Loong and a few ministers, had data on their outpatient prescriptions stolen as well. In January this year, it was revealed that a foreigner had leaked the personal information of 14,200 HIV-positive individuals online. Last month, it was known that the personal information of more than 800,000 blood donors in Singapore, which had been put online improperly for more than two months, had been accessed illegally and possibly stolen.