Executive
Summary xvii III. Implementation of recommendations 20.
IHiS and SingHealth should give priority to implementing the recommendations. Adequate resources and attention must be devoted to their implementation, and there must be appropriate oversight and verification of their implementation.
Most importantly, implementation of the recommendations requires effective and agile leadership from senior management, and necessary adjustments to organisational culture, mindset, and structure.
21. These imperatives apply equally to all organisations responsible for large databases of personal data. We must recognise that cybersecurity
threats are hereto stay, and will increase in sophistication, intensity, and scale.
Collectively, these organisations must do their part in protecting Singapore’s cyberspace, and must be resolute in implementing these recommendations.
COI Report – Part I
Page
1 of
425 Part I – Introduction 1 APPOINTMENT AND TERMS OF REFERENCE OF THE COMMITTEE OF INQUIRY 1.1 Introduction 1. From around 23 August 2017 to 20 July 2018, a cyber attack (the “
Cyber Attack”) of unprecedented scale and sophistication was carried out on the patient database of Singapore Health Services Private Limited (“
SingHealth”). The database was illegally accessed and the personal particulars of almost 1.5 million patients,
including their names, NRIC numbers, addresses, genders, races,
and dates of birth, were exfiltrated over the period of 27 June 2018 to 4 July 2018.
159,000 of these 1.5 million patients also had their outpatient dispensed medication records exfiltrated. The Prime Minister’s personal and outpatient medication data was specifically targeted and repeatedly accessed.
Share with your friends: 
