Table of contents exchange of letters with the minister executive summary


Appointment and members of the Committee



Download 5.91 Mb.
View original pdf
Page15/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   11   12   13   14   15   16   17   18   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
1.2
Appointment and members of the Committee
2. Given the extraordinary nature of the incident, the Minister-in-Charge of
Cybersecurity, Mr S Iswaran, appointed a committee of inquiry (the
Committee”) under Section b) of the Inquiries Act (Cap. A, 2008 Revised Edition) (the “Inquiries Act”) on 24 July 2018 to inquire into the events and contributing factors leading to the cyber attack on SingHealth’s patient database system.
3. The Committee comprises four members, appointed by Minister Iswaran for their expertise in legal, technical, healthcare, and management fields. The Chairman of the Committee, Mr Richard Magnus, is a retired Senior subsequently termed Chief) District Judge and is currently a member of the Public Service Commission. The other members are Mr Lee Fook Sun, Chairman of Ensign InfoSecurity Private Limited Mr T K Udairam, Group Chief Operating



COI Report – Part I
Page 2 of 425

Officer of Sheares Healthcare Management Private Limited and Ms Cham Hui
Fong, Assistant Secretary-General of the National Trades Union Congress.
1.3
Terms of reference
4. The Committee’s terms of reference (“TORs”) are to
1. Establish the events and contributing factors leading to the cybersecurity attack on SingHealth’s patient database system on or around 27 June 2018, and the subsequent exfiltration of patient data therefrom
2. Establish how the Integrated Health Information Systems Private Limited (“IHiS”) and SingHealth responded to the cybersecurity attack
3. Recommend measures to enhance the incident response plans for similar incidents
4. Recommend measures to better protect SingHealth’s patient database system against similar cybersecurity attacks
5. In light of the cybersecurity attack and the findings above, recommend measures to reduce the risk of such cybersecurity attacks on public sector IT systems which contain large databases of personal data, including in the other public healthcare clusters
6. Conduct itself in accordance with the provisions of the Inquiries Act, with the discretion to determine which, if any, parts) of the inquiry shall beheld in public, and consider the evidence put before the Committee as led by the Attorney-General or his designates and



Download 5.91 Mb.

Share with your friends:
1   ...   11   12   13   14   15   16   17   18   ...   329




The database is protected by copyright ©ininet.org 2024
send message

    Main page