Committee of Inquiry into SingHealth cyberattack formed, report due Dec. 31, 2018

They get to decide if any part of the inquiry can be held in public.

Jonathan Lim | July 24, 2018, 07:49 PM

The Committee of Inquiry (COI) looking into the SingHealth cyberattack has been formed, and Minister-in-charge of Cybersecurity S Iswaran has announced its four members.

Huh? What cyberattack?

Just to get any of you in need of it up to speed:

Non-medical records of 1.5 million patients were stolen in what's being regarded as the most serious hacking in Singapore's history. The information of 160,000 patients’ outpatient dispensed medicines was also successfully taken in the attack — including Prime Minister Lee Hsien Loong's:

On Friday, as the news broke, Minister Iswaran said he would be convening a COI to examine how this happened and recommend what needs to be done on the government's part:

[related_story]

Here's who they are:

Chairman — Richard Magnus

He's a retired senior district judge, and a member of the Public Service Commission. He serves as chairman and board member of several public and private companies, and has also led two other COIs before:

  • 1992: investigation of a fire at the Sembawang Shipyard involving the ship tanker "M.T. Stolt Spur"
  • 2004: investigation of the cause of the Nicoll Highway collapse at the Circle Line MRT worksite

Lee Fook Sun

Lee is chairman of Quann World Pte Ltd. He sits on the boards of DSO National Laboratories, SMRT Corporation Ltd, and Great Eastern Holdings Limited. He's served as director of joint intelligence directorate, the military security department and also assistant chief of General Staff (Logistics) with MINDEF and the SAF before.

T K Udairam

He is Group Chief Operating Officer of Sheares Healthcare Management Pte Ltd. He sits on the boards of Tote Board and the Healthcare Information and Management Systems Society, and has more than four decades of healthcare experience here, particularly with the operation and management of hospitals.

He also was part of the team that developed and implemented Medisave.

Cham Hui Fong

Cham is Assistant secretary-general at the National Trades Union Congress (NTUC), and sits on the board of theCPF. She is an authority member of the Civil Aviation Authority of Singapore and has served on tripartite committees that address labour-related issues.

And here's what they've been asked to look into

There are a total of seven terms the COI is supposed to look into. They have till December 31, 2018. to submit their report.

Here are the terms:

1. Establish the events and contributing factors leading to the cybersecurity attack on Singapore Health Services Private Limited (SingHealth)’s patient database system on or around 27 June 2018, and the subsequent exfiltration of patient data therefrom;

2. Establish how the Integrated Health Information Systems Private Limited (IHiS) and SingHealth responded to the cybersecurity attack;

3. Recommend measures to enhance the incident response plans for similar incidents;

4. Recommend measures to better protect SingHealth’s patient database system against similar cybersecurity attacks;

5. In light of the cybersecurity attack and the findings above, recommend measures to reduce the risk of such cybersecurity attacks on public sector IT systems which contain large databases of personal data, including in the other public healthcare clusters;

6. Conduct itself in accordance with the provisions of the Inquiries Act, with the discretion to determine which, if any, part(s) of the inquiry shall be held in public, and consider the evidence put before the COI as led by the Attorney-General or his designates; and

7. Make and submit a report of its proceedings, findings and recommendations to the Minister-in-Charge of Cybersecurity by 31 Dec 2018.

Top photo by Martino Tan