COI into SingHealth cyberattack to hold more hearings

Members of the public will be called on to present their views on how to better protect SingHealth's patient database and large databases residing in public sector computer systems.
Members of the public will be called on to present their views on how to better protect SingHealth's patient database and large databases residing in public sector computer systems.ST PHOTO: SYAMIL SAPARI

SINGAPORE - A tranche of hearings, some of which will be open to the public, will start from next Friday (Sept 21) as the four-member Committee of Inquiry (COI) investigates the breach involving the private data of 1.5 million SingHealth patients.

The hearings, lasting two weeks until Oct 5, will be held at Court 5A of the Supreme Court.

Details of which hearings will be private or public, and the respective dates, will be provided in the coming days.

Some members of the public, including cyber security experts, may be called on to present their views on several matters, including ways to better protect SingHealth's patient database and the large databases residing in public sector computer systems.

They have been invited to submit their written representations, and indicate whether they are willing to appear before the COI to give evidence. Also among the views being solicited are ways to enhance future responses to similar incidents.

During the hearings, they may be asked to take the stand for the COI to seek clarification on their written representations.

The COI, headed by former chief district judge Richard Magnus, convened in private on July 24 to inquire into the events and contributing factors leading to the breach, which took place between June 27 and July 4.

 
 
 
 

The first hearing by the high-level panel examining Singapore's worst cyber attack took place behind closed doors on Aug 28.

The hearing was held in private at an unspecified location because information affecting national security or involving patient confidentiality was shared.

The Attorney-General's Chambers (AGC), which presented evidence from the first witness, will continue to lead evidence in subsequent hearings.

The AGC has presented evidence in previous COI hearings, such as the probe into the riot in Little India in December 2013.

The SingHealth cyber attack also led to the leaking of outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong and several ministers.

Members of the public with personal data related concerns are urged to contact the Personal Data Protection Commission (PDPC).

The PDPC is already looking into whether there were security lapses by SingHealth and its technology outsourcing vendor Integrated Health Information Systems, and whether they are liable for a fine of up to $1 million under the Personal Data Protection Act.

Written submissions must be emailed to coi_secretariat@mci.gov.sg by 5pm on Oct 31.