SINGAPORE: A four-member Committee of Inquiry (COI) to look into the SingHealth cyberattack, considered to be the most serious breach of personal data in Singapore’s history, was appointed on Tuesday (Jul 24).
Minister-in-charge of Cybersecurity S Iswaran said on Jul 20 he would convene a COI to investigate the incident, and the body will be chaired by retired chief district judge Richard Magnus.
AdvertisementOn Tuesday, the Ministry of Communications and Information gave more information on its makeup, saying he would be joined by three more members.
These include Mr Lee Fook Sun, chairman of Quann World, Mr T K Udairam, group chief operating officer of Sheares Healthcare Management and Ms Cham Hui Fong, assistant secretary-general of the National Trades Union Congress (NTUC).
In a statement, Mr Richard R Magnus said: "This is a responsibility that I take seriously. I will work with the COI members to ensure that we fully deliver on this important task which has been entrusted on us.”
[h=3]READ: SingHealth cyberattack: What you need to know[/h] AdvertisementAdvertisementThe COI was tasked to establish the events and contributing factors leading to the cybersecurity attack on SingHealth’s patient database system on or around Jun 27 this year, and the subsequent stealing of data from the network.
It will also look at how Integrated Health Information Systems and SingHealth responded, and recommend measures to enhance the incident response plans for similar incidents and measures to better protect SingHealth’s IT system against similar attacks.
With these findings, the committee is to also recommend measures to reduce the risk of such cybersecurity attacks on public sector IT systems which contain large databases of personal data including in the other public healthcare clusters, the press release said.
The COI will conduct private and public hearings, and is to submit a report on its findings and recommendations to Mr Iswaran by Dec 31, 2018, it added.
The minister, during his speech at the ministry’s annual workplan seminar on Tuesday, said the SingHealth cyberattack is an example of incidents that threaten to erode the “precious trust” in the institutions in Singapore, which has been “painstaking built up”.
“This incident was a deliberate and sophisticated attack that caused the most serious breach of personal data in Singapore’s history,” Mr Iswaran said. “But we were also fortunate because it could have been worse. We were fortunate that there was early detection in the exfiltration of data.”
He added that while the Government will do everything it can to strengthen its systems, it cannot completely eliminate the risk of another cybersecurity attack.
“That is the nature of this ongoing battle. The would-be attackers are constantly developing new capabilities even as we reinforce our IT systems,” he said.
He also reiterated his earlier message, as well as that of Prime Minister Lee Hsien Loong’s, that the incident, or any others like it, should not be allowed to derail Singapore’s Smart Nation plans.
“Digital is the way of the future,” Mr Iswaran said. “We must adapt ourselves to operate effectively and securely in the digital world, to deliver better public services, enhance our economic competitiveness and create opportunities for our enterprises and our people.”
In a response to Channel NewsAsia's queries on Tuesday, an MCI spokesperson said the Personal Data Protection Commission (PDPC) has been notified of the cyberattack incident and will investigate the matter.
SingHealth and Integrated Health Information Systems (IHIS) are corporate entities which are bound by the Personal Data Protection Act (PDPA), the spokesperson added.
"PDPC will take into account the Committee of Inquiry’s report in its determination/assessment of any appropriate action to be taken," the spokesperson said.
Let's block ads! (Why?)
More...