COI hearings on SingHealth cyber attack from Aug 28

Hearings by a Committee of Inquiry will review the cyber attack on public hospital cluster SingHealth, which is considered to be the worst cyber beach in Singapore's history.
Hearings by a Committee of Inquiry will review the cyber attack on public hospital cluster SingHealth, which is considered to be the worst cyber beach in Singapore's history.ST PHOTO: SYAMIL SAPARI

Hearings will be held in public unless they affect national security or patient confidentiality

Hearings by a Committee of Inquiry (COI) looking into the cyber attack on public hospital cluster SingHealth will begin on Aug 28.

The hearings will be held in public unless they could affect national security or patient confidentiality. However, the Aug 28 session will be held behind closed doors.

Solicitor-General Kwek Mean Luck has been designated by the Attorney-General to lead evidence in the inquiry into Singapore's worst cyber breach. It had compromised the personal particulars of about 1.5 million patients, including Prime Minister Lee Hsien Loong's personal data and outpatient prescriptions.

Mr Kwek told the COI that some aspects of the investigations have been completed, and the Attorney-General's Chambers (AGC) will be ready to lead evidence from the first witness.

The COI, convened on July 24 to inquire into the events and contributing factors leading to the breach, disclosed the new developments in a statement yesterday. It said hearings will be held behind closed doors if necessary in the interests of national security, where "the evidence may be exploited to carry out further cyber attacks, or where patients' personal data may be revealed".

Expert witnesses will be called by the COI to give evidence on cyber-security measures and hygiene, said its secretariat. The COI will receive public submissions and advise people when and how to submit them. It will also conduct a site visit to SingHealth to be briefed on the network architecture of the affected IT systems and the cyber-security measures before the attacks, which took place between June 27 and July 4. Singaporeans were told about the breach on July 20.

The COI is headed by former chief district judge and current member of the Public Service Commission Richard Magnus.

 
 
 
 

The other COI members are Mr Lee Fook Sun, executive chairman of cyber-security solutions firm Quann World; Mr T.K. Udairam, group chief operating officer of healthcare technology firm Sheares Healthcare Management; and Ms Cham Hui Fong, assistant secretary-general of the National Trades Union Congress.

The COI held its first administrative meeting on July 25, the same day Mr Magnus met Mr Kwek and discussed the appointment of investigators to help the COI investigate matters relevant to the inquiry.

At the first pre-inquiry conference yesterday, Mr Kwek informed the COI that the Public Prosecutor had appointed an investigation team, to be led by the Cyber Security Agency and supported by the Criminal Investigation Department, to probe any matter relevant to the inquiry.

Agreeing on the need for thorough investigations, Mr Magnus accepted Mr Kwek's request for time to investigate fully the matters set out in the terms of reference, and directed the Solicitor-General to update the COI on the investigations at the next pre-inquiry conference.

The AGC has taken part in leading evidence in past COI hearings, such as the probe into the riot in Little India in December 2013.

 
A version of this article appeared in the print edition of The Straits Times on August 08, 2018, with the headline 'COI hearings on SingHealth cyber attack from Aug 28'. Print Edition | Subscribe