SingHealth cyber attack: Committee of Inquiry to be convened, headed by retired judge Richard Magnus

SPH Brightcove Video
A​bout 1.5 million patients, including Prime Minister Lee Hsien Loong​ ​and a ​few ministers, ​have had their personal data stolen. Some 160,000 people also had their outpatient prescriptions stolen.​
Minister for Communications and Information S. Iswaran (left) and Health Minister Gan Kim Yong at the press conference regarding the SingHealth cyber attack, on July 20, 2018. Mr Iswaran will convene a Committee of Inquiry to establish events and factors that caused the breach. ST PHOTO: MARK CHEONG

SINGAPORE - A high-level independent committee will be convened to get to the bottom of the major cyber attack on SingHealth's database, in the most serious breach of personal data here.

The incident, which compromised the particulars of about 1.5 million patients, including Prime Minister Lee Hsien Loong, has serious public health and safety implications, and a Committee of Inquiry (COI) will be convened to establish events and factors that caused the breach, said the Ministry of Communications and Information (MCI).

The COI, to be convened by Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, will be chaired by Mr Richard Magnus.

The former chief district judge and member of the Public Service Commission previously chaired the three-man COI that was formed to look into the Nicoll Highway collapse at a Circle Line MRT work site on April 20, 2004, which killed four workers.

The other members in the committee looking into the cyber attacks and its terms of reference will be announced at a later date, said MCI.

Among the tasks of the inquiry is to look into the response to the attack. It will also recommend measures to better manage and protect the IT systems of SingHealth and other public sector agencies against similar attacks.

The SingHealth breach, which is believed to be the result of a state-sponsored attack, involved the illegal access and copying of personal details of 1.5 million SingHealth patients who visited SingHealth's specialised outpatient clinics and polyclinics from May 1, 2015, to July 4, 2018.

Information stolen included the NRIC numbers, addresses, gender, race and date of birth of the patients.

In addition, information about medication dispensed to about 160,000 of the patients was also stolen, including that of Mr Lee's. The data was stolen from June 27 to July 4, 2018.

The attackers had specifically and repeatedly targeted Mr Lee's records.

Other incidents that have been investigated by such high-level committees include the Little India riots in December 2013, and the series of train disruptions on the North-South MRT Line in December 2011.

Join ST's Telegram channel and get the latest breaking news delivered to you.