SingHealth cyber-attack: 2 iHiS officials to provide evidence during first COI public hearing

SingHealth polyclinic
SingHealth polyclinic Reuters

Singapore has faced the most serious cyber breach of personal data between June and July 2018. Now, two officials from Health Ministry's IT arm took a stand at the first of public hearings for the Committee of Inquiry (COI) on Friday in order to look into the cyber-attack on SingHealth.

The assistant director (Infra Services — Systems Management) at the Integrated Health Information Systems (IHiS), Lum Yuan Woh will be the first to provide the evidence, his colleague and a database administrator with iHiS Katherine Tan will give the rest.

Kwek Mean Luck, the Solicitor-General will lead the evidence in the inquiry process of the cyber breach. In the opening statement, he said that the focus of this inquiry is not on fault-finding but it is on probing and learning to identify areas, which would "strengthen the defences of our organisations against future cyber-attacks."

The COI secretariat said on Thursday evening that the first of the six-session hearing, which is open to the public, will take place over the coming fortnight.

As reported by There are witnesses, who are expected to testify the evidence in coming sessions include the Health Ministry's chief information officer, the Cyber Security Agency of Singapore and other SingHealth and iHiS staffs. As per Kwek's statement, a few cybersecurity experts are also asked to submit evidence to the committee. The evidence, which will include how the high profile cyber-attack could happen.

SingHealth cyber-attack:

Earlier, investigators found that between June 27 and July 4 a deliberate cyber attack was conducted and as per Cyber Security Agency of Singapore (CSA), 160,000 patients' records as well as details about their visit to the SingHealth's specialist outpatient clinics and polyclinics between May 1, 2015, and Jul 4, 2018, including Prime Minister Lee Hsien Loong's personal particulars and information of his outpatient dispensed medicines, were accessed and copied by the hackers.

Minister for Communications and Information S Iswaran said in Parliament last month that the hack was the work of an advanced persistent threat group that could be state-linked but, due to the national security reasons the Government would not take the name of the suspect.

The COI panel members and the task:

  • Retired senior judge Richard Magnus is the chair for the COI, first convened on July 24.
  • Cybersecurity firm Ensign InfoSecurity executive chairman Lee Fook Sun.
  • Group chief operating officer of healthcare technology firm Sheares Healthcare Management T K Udairam.
  • Assistant secretary-general of the National Trades Union Congress Cham Hui Fong.
  • COI is responsible to examine the events and contributing factors leading to the cyber breach on the public healthcare cluster's patient database system that occurred on or around June 27.
  • The first non-public hearing was held on Aug 28.
  • Some hearings would be held behind closed doors, or in camera, in the interests of national security.

Evidence to be presented:

  • Hackers gained access as early as August 2017 by infecting workstations.
  • The malware was spread from one computer to another with an "ultimate objective" of reaching the medical records database, CSA assessed.
  • The modus operandi of the attack looks similar to the profile of an Advanced Persistent Threat attack group that CSA had encountered earlier and finally identified the attackers.
  • The concerned officials did not disabled inactive accounts and that shows inadequacies in network monitoring.
  • The password for one local administrator account was "P@ssw0rd".
  • There were concerns over the impact of implementing Internet Surfing Separation.

Schedule of public hearing:

  • September 24: 2.00 pm – 6.00 pm
  • September 26: 9.30 am – 6.00 pm
  • October 2: 10.30 am – 6.00 pm
  • October 4: 9.30 am – 6.00 pm
  • October 5: 9.30 am – 6.00 pm
  • An updated schedule will be published by 6 pm daily at
This article was first published on September 21, 2018
Related topics : Cybersecurity