Source: Channel NewsAsia screengrab video.

Lee Hsien Loong: knew that the database would be attacked and there was a risk, unfortunately that has now happened

The Prime Minister of Singapore has voiced out on his Facebook page in response to what it likely to be the worst case of cyber-attack in Singapore, with 1.5 million patients having their personal particulars stolen from the Singhealth’s database.

PM Lee noted in his Facebook post on Friday evening that he is personally affected, “and not just incidentally” as his own medication data had been targeted by the attackers repeatedly.

“I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.” write PM Lee.

He added that when SingHealth digitised its medical records, they had asked him whether to computerise his own personal records too, or to keep his in hardcopy for security reasons. He stated that he asked to be included and explained that going digital will enable his doctors to treat him more effectively and in a timely manner. He also expresses confidence that SingHealth would do their best to protect his patient information, just as it did for all their other patients in the database.

But in light of what has transpired, PM Lee wrote, “Of course, I also knew that the database would be attacked, and there was a risk that one day despite our best efforts it might be compromised. Unfortunately that has now happened.”

PM Lee emphasised that the security and confidentiality of patient information is a top priority and he has ordered the Cyber Security Agency of Singapore – CSA and the Smart Nation and Digital Government Group (SNDGG) to work together with the Ministry of Health, Singapore to tighten up their defences and processes across the board.

“We are convening a Committee of Inquiry to look thoroughly into this incident. It will doubtless have valuable conclusions and recommendations, which will help us do better.” wrote PM Lee

He goes on to state, “This will be a ceaseless effort. Those trying to break into our data systems are extremely skilled and determined. They have huge resources, and never give up trying. Government systems come under attack thousands of times a day. Our goal has to be to prevent every single one of these attacks from succeeding. If we discover a breach, we must promptly put it right, improve our systems, and inform the people affected.”

“This is what we are doing in this case. We cannot go back to paper records and files. We have to go forward, to build a secure and smart nation.” wrote PM Lee.

However with the revelation of this major cyber-attack,  the plans by the Ministry of Health to push through its proposed Healthcare Services Bill will probably be affected as the bill will have all patients’ specified health data from licensed medical providers to be contributed to the National Electronic Health Record (NEHR) by default. Even for those patients who do not wish for their records to be accessed via the NEHR can only opt out but have their information uploaded to the NEHR, but with access blocked.