SingHealth cyber attack: Committee of Inquiry to be convened, headed by retired judge Richard Magnus

A​bout 1.5 million patients, including Prime Minister Lee Hsien Loong​ ​and a ​few ministers, ​have had their personal data stolen. Some 160,000 people also had their outpatient prescriptions stolen.​
Minister for Communications and Information S. Iswaran (left) and Health Minister Gan Kim Yong at the press conference regarding the SingHealth cyber attack, on July 20, 2018. Mr Iswaran will convene a Committee of Inquiry to establish events and factors that caused the breach. ST PHOTO: MARK CHEONG
Hariz Baharudin
Indonesia Correspondent
Updated
Oct 09, 2018, 02:01 PM
Published
Jul 20, 2018, 05:29 PM

SINGAPORE - A high-level independent committee will be convened to get to the bottom of the major cyber attack on SingHealth's database, in the most serious breach of personal data here.

The incident, which compromised the particulars of about 1.5 million patients, including Prime Minister Lee Hsien Loong, has serious public health and safety implications, and a Committee of Inquiry (COI) will be convened to establish events and factors that caused the breach, said the Ministry of Communications and Information (MCI).

The COI, to be convened by Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, will be chaired by Mr Richard Magnus.

The former chief district judge and member of the Public Service Commission previously chaired the three-man COI that was formed to look into the Nicoll Highway collapse at a Circle Line MRT work site on April 20, 2004, which killed four workers.

The other members in the committee looking into the cyber attacks and its terms of reference will be announced at a later date, said MCI.

Among the tasks of the inquiry is to look into the response to the attack. It will also recommend measures to better manage and protect the IT systems of SingHealth and other public sector agencies against similar attacks.

The SingHealth breach, which is believed to be the result of a state-sponsored attack, involved the illegal access and copying of personal details of 1.5 million SingHealth patients who visited SingHealth's specialised outpatient clinics and polyclinics from May 1, 2015, to July 4, 2018.

More On This Topic
SingHealth cyber attack: PM Lee and other ministers among 1.5 million patients whose records were stolen
SingHealth cyber attack: How to check if you are affected

Information stolen included the NRIC numbers, addresses, gender, race and date of birth of the patients.

In addition, information about medication dispensed to about 160,000 of the patients was also stolen, including that of Mr Lee's. The data was stolen from June 27 to July 4, 2018.

The attackers had specifically and repeatedly targeted Mr Lee's records.

Other incidents that have been investigated by such high-level committees include the Little India riots in December 2013, and the series of train disruptions on the North-South MRT Line in December 2011.

Related Stories
SingHealth database hackers have targeted other systems here since at least 2017: Symantec
Data leaks are serious business and other lessons to learn from SingHealth breach
Tiered model of Internet access being considered for public healthcare sector, says Gan Kim Yong
11 critical sectors to shore up defences in response to SingHealth COI report: Iswaran
Singapore's privacy watchdog fines IHiS $750,000 and SingHealth $250,000 for data breach
Organisations must prepare for cyber breaches, as if already under attack: SingHealth COI chair
COI on SingHealth cyber attack: Change the way security incidents are reported, says CSA chief
SingHealth COI: Communication problems hampered data breach response, says expert witness

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top