Recommendations on cybersecurity wanted from public following SingHealth breach

The Committee of Inquiry (COI) has called for the general public to provide recommendations on ways to handle cybersecurity attacks following the recent SingHealth data breach. This includes recommendations on its terms of reference, such as measures to enhance the incident response plans for similar incidents, and measures to better protect SingHealth’s patient database system against similar cybersecurity attacks. It also looks at ways to reduce the risk of such cybersecurity attacks on public sector IT systems.

The COI aims to inquire into the events and contributing factors that led to the cyber attack, and submissions of written representations will close on 31 October 2018, 5pm. The COI will also be holding a tranche of hearings from 21 September to 5 October 2018 at Court 5A of the Supreme Court. Details of which hearings will be private or public, and the respective dates thereof, will be furnished in due course, the press statement read.

The COI will take into consideration submissions received for the purposes of the inquiry. It also said that members of the public with personal data concerns relating to the SingHealth cyber attack can contact the Personal Data Protection Commission through its website.

The major cyberattack occurred on 4 July and infiltrated the SingHealth database containing over 1.5 million patient personal particulars and outpatient dispensed medicines. According to a joint press release from the Ministry of Communications and Information and the Ministry of Health, information on approximately 160,000 outpatient dispensed medicines was retrieved. However, it was not tampered with.

Following the breach, SingHealth took measures to create a temporary surfing network for its staff to work on, and other public healthcare institutions were reported to be taking the same action. The statement added that no financial data, medical records or personal data of patients were accessed, and that it notified all patients along with an apology. The release also added that the main target of the cyberattack was Prime Minister Lee Hsien Loong, as his personal information on his medical history was “repeatedly” accessed.