According to the timeline announced during the press conference on 20 July about the now infamous SingHealth hack which saw the data of 1.5 million Singaporeans (including the Prime Minister of Singapore) stolen, “unusual activity” was already detected in SingHealth’s servers as early as 4 July 2018. As of 10 July 2018, the Integrated Health Information System (IHiS) had already confirmed that a cyber attack had taken place. On the same day of the confirmation, IHiS officially informed SingHealth, the Ministry of Health and the Cyber Security Agency of Singapore of the data security breach.
What I am therefore incredulous to see on The Straits Times is a photo dated 12 July 2018 of our Minister for Defense, Ng Eng Hen and his wife, Ivy Ng, who is incidentally the CEO of SingHealth in France! Looking at the timeline, it is clear that as of 12 July 2018, she was already aware of the security breach. As the head of SingHealth, why was she still in France posing for photos with her husband? Shouldn’t she be on the very next available flight home to provide leadership in what is the largest ever security breach in the history of Singapore?
While we know that SingHealth was officially informed of the cyber breach on 12 July 2018, it remains unclear whether or not key personnel of SingHealth (which would include Ivy Ng) was told in advanced. If she was told beforehand, I find it utterly appalling that she would still be in France when the story broke!
As the head of the organisation that is going through such a crisis, what kind of example is she showing to her staff by being millions of miles away? What kind of accountability and responsibility is she displaying? A severe security breach has occurred under her watch and yet she is showing no signs of urgency in another country? As they say, a picture paints a thousand words and this one paints a picture of callous disdain for the position in which she holds.
In the commission of inquiry that has been convened to investigate the security breach, I wonder if they will also take an in-depth look at the attitudes and performance of the staff leading up to the attack. If so, they will have to examine the conduct of Ivy Ng. While this is pure speculation on my part, her seeming lack of concern could also be evidence of her lackadaisical attitude towards the responsibility that comes with her position. Is it due to some sort of oversight caused by carelessness that resulted in this breach in the first place?
Looking at the timeline and the incriminating European photograph, I wonder if the power couple dynamic has led to some in power taking their positions for granted.