First COI hearing on SingHealth cyber attack starts today


The first hearing by a high-level panel examining Singapore's worst cyber attack takes place today.

The four-member Committee of Inquiry (COI), tasked to get to the bottom of the breach involving the private data of 1.5 million SingHealth patients, will meet behind closed doors at a location that has not been disclosed.

This is because information affecting national security or involving patient confidentiality is expected to be shared.

The Attorney-General's Chambers will lead evidence from the first witness, but it is not known who will take the stand today. The AGC has led evidence in past COI hearings, such as the probe into the riot in Little India in December 2013.

Speaking to The Straits Times yesterday, Mr Cedric Foo, chairman of the Government Parliamentary Committee for Communications and Information, said the objectives are very clear. He expects the COI to shed light on what led to the data leak, and how the public healthcare sector can strengthen its responses and defences in future.

"There is also an ongoing police investigation and an investigation by Singapore's data privacy watchdog," he said. "The public expects the investigations to be robust and the outcomes communicated in a transparent manner."

Specifically, the Personal Data Protection Commission is looking into whether there were security lapses by SingHealth and its technology outsourcing vendor Integrated Health Information Systems (iHiS), and whether they are liable for a fine of up to $1 million under the Personal Data Protection Act.

The SingHealth attack also led to the leakage of outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong and several ministers.

Mr Aloysius Cheang, Asia-Pacific executive vice-president of the Centre for Strategic Cyberspace + Security Science, a London-based think-tank, said the public should be given regular updates on the milestones achieved on protecting critical infrastructure.

"The industry is an important stakeholder as part of the cyber security ecosystem and should be allowed to participate actively in improving the way we do things," said Mr Cheang.

The COI, headed by former chief district judge Richard Magnus, convened on July 24 to inquire into the events and contributing factors leading to the breach, which took place between June 27 and July 4.

The Cyber Security Agency (CSA) received a report on the breach on July 10. It looked into the SingHealth attack with support from the Criminal Investigation Department.

Singaporeans were told about the breach on July 20.

The other COI members are Mr Lee Fook Sun, executive chairman of cyber-security solutions firm Quann World; Mr T.K. Udairam, group chief operating officer of healthcare technology firm Sheares Healthcare Management; and Ms Cham Hui Fong, assistant secretary-general of the National Trades Union Congress.


A version of this article appeared in the print edition of The Straits Times on August 28, 2018, with the headline "First COI hearing on SingHealth cyber attack starts today".