4-member Committee of Inquiry convened to investigate SingHealth cyber attack

(Clockwise from top left) The committee will be headed by former chief district judge and current member of the Public Service Commission Richard Magnus. The other members are executive chairman of cyber security solutions firm Quann World, Mr Lee Fo
(Clockwise from top left) The committee will be headed by former chief district judge and current member of the Public Service Commission Richard Magnus. The other members are executive chairman of cyber security solutions firm Quann World, Mr Lee Fook Sun; group chief operating officer of healthcare technology firm Sheares Healthcare Management, Mr T.K. Udairam; and assistant secretary-general of the National Trades Union Congress, Ms Cham Hui Fong. PHOTOS: ST FILE, CHANGI GENERAL HOSPITAL, ST ELECTRONICS, NTUC.ORG.SG
Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, convened the Committee of Inquiry on July 24, 2018.
Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, convened the Committee of Inquiry on July 24, 2018.ST PHOTO: IRENE THAM

SINGAPORE - The authorities convened a four-member Committee of Inquiry (COI) on Tuesday (July 24) to examine SingHealth's cyber attack that led to the biggest data breach in Singapore.

The committee, headed by former chief district judge and current member of the Public Service Commission Richard Magnus, will also recommend ways to better safeguard public sector IT systems.

The other members of the COI are executive chairman of cyber security solutions firm Quann World, Mr Lee Fook Sun; group chief operating officer of healthcare technology firm Sheares Healthcare Management, Mr T.K. Udairam; and assistant secretary-general of the National Trades Union Congress, Ms Cham Hui Fong.

The committee will look into the following areas:

  • Establish the events and contributing factors leading to the attack on SingHealth's patient database on or around June 27, 2018, and the subsequent theft of patient data.
  • Establish how the Integrated Health Information Systems, the technology outsourcing arm of public hospitals here, and SingHealth responded to the cyber attack.
  • Recommend measures to better protect SingHealth's patient database system against similar attacks.
  • Recommend measures to improve response plans for similar incidents.
  • Recommend measures to better protect public sector IT systems which contain large databases.
  • Submit a report of its proceedings, findings and recommendations to Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, by Dec 31, 2018.

Said Mr Iswaran, who convened the COI: "It is an important step in getting to the bottom of the incident and keeping Singaporeans' trust in our systems."

 
 
 
 

He also emphasised that while the Government is doing everything it can to strengthen its systems, Singapore cannot completely eliminate the risk of another cyber attack.

"This is the nature of this ongoing battle. The would-be attackers are constantly developing new capabilities even as we reinforce our IT systems," said Mr Iswaran at the MCI Workplan Seminar held at Orchard Hotel on Tuesday.

At the yearly seminar, MCI charts its directions that will take Singapore into the digital future.

"It is also crucial that we do not allow this incident, or any others like it, to derail our plans for a Smart Nation," he added.

The SingHealth attack, announced last Friday, compromised the personal particulars of about 1.5 million patients, including Prime Minister Lee Hsien Loong's personal data and outpatient prescriptions.

Mr Magnus had previously chaired the three-man COI that looked into the Nicoll Highway collapse at a Circle Line MRT work site on April 20, 2004. Four workers were killed in the incident.

Other incidents that have been investigated by such high-level committees include the Little India riots in December 2013 and the series of train disruptions on the North-South MRT Line in December 2011.

In a statement on his role, Mr Magnus said: "This is a responsibility that I take seriously. I will work with the COI members to ensure that we fully deliver on this important task which has been entrusted on us."