Ministers do not come in pairs at press conferences, unless there is a big national initiative or a cabinet reshuffle that has to be announced from the Istana.

So when Ministers Gan Kim Yong and S Iswaran arrived together on a Friday late afternoon, and were flanked by the top men from the Ministries of Health and Communication (Permanent Secretary Chan Heng Kee and Gabriel Lim), it was clear whatever they were going to announce would be serious.

" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen="allowfullscreen">

And it was.

The database of Singapore’s largest group of healthcare institutions, SingHealth, was earlier this month compromised in what Gan described as a “very serious and unprecedented, massive cyberattack” — the largest-ever in Singapore’s history, in terms of the number of particulars stolen.

As a result, the names, IC numbers, addresses, gender, race and dates of birth of some 1.5 million patients — including Prime Minister Lee Hsien Loong, Emeritus Senior Minister Goh Chok Tong and potentially a few other ministers — in SingHealth’s database were stolen and copied.

[related_story]

Information on the outpatient dispensed medicines of about 160,000 of these patients was also stolen.

So what can we make out of this unfortunate incident so far? Below are three observations:

1. The government made the right decision to separate its computer systems from the Internet last year.

When The Straits Times first broke the news in 2016 that all computers used officially by public servants in Singapore will be air-gapped (cut off from the Internet) from May in 2017, the government met with much ridicule online.

Including us.

And we continued to laugh.

In fact, Prime Minister Lee Hsien Loong stepped in a day later to clear the air on why the move was necessary.

He revealed that he asked to be "volunteer number one", and he started on this since the beginning of 2016, keeping one computer for work and email, and another to access the Internet:

"We have become completely dependent on our IT systems… and we have to make sure that our system is secure. We can’t get infiltrated, data cannot be stolen, somebody can’t come in and wipe out your data or cause some other mischief".

PM Lee said while the move will slow day-to-day productivity, it was necessary to safeguard citizens’ data and Singapore’s security.

He further elaborated to TODAY,

“So what I have done, I have an email system, I set up another one, which is for internet browsing, and between the two you have what people call an air gap separation, meaning, this is one system, that’s one system. They don’t talk to each other. And hopefully no information can jump over from one side to another or from this side to that.”

In retrospect, SingHealth and the public healthcare clusters would have been less susceptible to state-sponsored cyberattacks if there is such an internet separation.

But it could have been worse. If the (Integrated Health Information System) IHiS’ database administrators did not act immediately to halt the unusual activity on one of SingHealth’s IT databases, perhaps more sensitive information would have been lost.

One of the first moves announced by Gan at the press conference was that SingHealth would separate its work systems from the Internet at midnight Friday (July 20).

In fact, staff at all public healthcare clusters will have their Internet access temporarily delinked by next week, to tighten security.

Sorry, Infocomm Development Authority (IDA) / GovTech, you guys have been proven right.

2. The government is prudent not to name names.

The ministers and senior civil servants were asked repeatedly by the media who the perpetrators are.

While the media got creative with their questions -- whether the act was a crime or whether diplomats have been called, or whether Singapore is working with other governments to solve the case -- David Koh, Chief Executive of Cyber Security Agency merely repeat the following line: "this was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs".

How many times did Koh say this line?

Probably 1.5 million times. (okay, we're exaggerating. It may be 1.499 million times fewer than he estimated).

A populist government or politician (cough... Trump.. cough) would have just revealed the country, blame it on the country, and rally its citizens against the said country.

However, the ministers insisted that the government will not reveal this for “operational security reasons”, and the civil servants had indicated that they know who — or at least which country — was responsible for the attack.

In fact, The Straits Times, after speaking to cyber-security experts, indicated that state-sponsored hackers could well have been behind the attack, speculating that "there are very few states capable of carrying out such an operation - among them, China, the United States and Russia". 

3. Some Singaporeans did the "Operationally Ready" thing. But most just got on with their lives.

There was no widespread panic, even when some mischievous anarchists decided to spread misinformation.

In a fake text message, they tricked recipients into thinking their personal data, telephone numbers, financial details and medical records had all been accessed:

But 139,000 patients deserved a clap.

When they first heard news about the cyberattack on Friday, they accessed the Health Buddy mobile app and its website to check if they are affected.

Like Singapore Armed Forces (SAF) personnel on stand-by, they reacted promptly on Friday evening and Saturday morning, in fact almost jamming the site with their heavy usage.

SingHealth also shared yesterday that there were more than 4,800 calls from patients and members of the public enquiring about the cyberattack, and they also received close to 750 emails on the topic.

For those who did not know what was going on, SingHealth has done the right thing in sending more than 700,000 SMS messages to the affected patients, with the rest of the SMSes to be sent over Sunday and Monday. 

In other words, most Singaporeans just got on with their lives — although at the same time, there does seem to be a general awareness that such things will in all likelihood be occurring more frequently.

So here's a hint to the foreign government that seems to be trying to disrupt our lives.

This is a yellow card for you.

Don't try this again.

Because we will be even more ready professionally and psychologically the next time.

More information about this cyberattack:

Top photo: screenshot via Gov.Sg YouTube