Investigations & Inquiries

IHiS terminates two employees, demotes one, fines seven following COI report on SingHealth cyber attack

Following the release of the full report on the SingHealth cyber attack last July by the Committee of Inquiry (COI) on Thursday (10 Jan), SingHealth’s information technology arm Integrated Health Information Systems Private Limited (IHiS) has decided to impose penalties on several staff members found to have been negligent in dealing with signals of potential cybersecurity breaches leading up to the …

Read More »

Failure of IHiS staff in key roles to respond promptly to potential security lapses, loopholes in database system setup led to major cybersecurity breach last July: COI on SingHealth cyberattack

Inadequate cybersecurity awareness and training, failure of IT staff in significant positions to respond promptly to and report about instances of security-related incidents, and loopholes in the SingHealth IT system’s setup were some of the key findings cited in the Committee of Inquiry (COI) report on the SingHealth cyberattack that took place in July last year. The COI on the …

Read More »

SingHealth cyberattack fiasco: Cybersecurity “a key feature,” not merely a “technical issue” or an “afterthought,” says CEO of CSA

The robustness or a lack thereof of a cybersecurity system should be viewed as a “key feature” of risk management, not as “an afterthought” and an issue that is exclusive to IT personnel, according to the chief executive officer of the Cyber Security Agency of Singapore (CSA). In his testimony before the Committee of Inquiry (COI) on the final day of …

Read More »

SingHealth cybersecurity fiasco: IHiS CEO urges staff members to cultivate a more proactive work culture in the face of cyberattacks

The SingHealth cybersecurity attack illustrates the crucial need for a proactive and communicative team, and that is why the absence of such qualities in the workplace culture at IHiS needs to be rectified thoroughly, said chief executive officer Bruce Liang. Testifying at the hearing before the Committee of Inquiry (COI) on the cyberattack on Thursday (1 Nov), Mr Liang said: “The …

Read More »

Alleged negligence of management regarding security loophole in SingHealth’s EMR system highlighted during COI public hearing

In a cross-examination that lasted more than two hours on Friday (28 Sep), deputy director at the Chief Information Officer’s Office at SingHealth Clarence Kua was probed by the Committee of Inquiry (COI) as to why he had overlooked an alleged security flaw in SingHealth’s Electronic Medical Records (EMR) in 2014. The sixth day of the public hearing witnessed Mr …

Read More »

SingHealth security officer: Multiple persistent log-in failures over few days not conclusive to raise alarm

At the Comittee of Inquiry hearing yesterday (26 Sep) on the recent SingHealth cyber attack incident, witnesses said they were apprehensive about raising false alarms of the security incidents. SingHealth’s cluster information security officer Wee Jia Huo testified that he understood “an incident must be confirmed before being reported” to the leader of the cyber-security governance department. “Even a few …

Read More »