SINGAPORE: A Committee of Inquiry (COI) report into the SingHealth cyberattack, considered to be the most serious breach of personal data in Singapore’s history, was submitted to Minister-in-charge of Cybersecurity S Iswaran on Monday (Dec 31).
In a letter to the minister, the four-member COI said the report covered the assessment of the evidence, findings, attribution of the attack, as well as priority and additional recommendations.
READ: Improve staff awareness of cybersecurity, better incident response proposed as SingHealth COI ends
"This report contains sensitive information, and is hence classified 'Top Secret'," said the COI, adding that the contents of the report were the unanimous view of its members.
A public version of the report will be published on Jan 10.
In a response addressed to COI chairman Richard Magnus, Mr Iswaran said the report gave a "thorough account" of the events and contributory factors which led to the attack.
"The committee has also examined in great detail the responses to the incident, and submitted a comprehensive set of recommendations to better manage and secure the IT systems of SingHealth, as well as those of other public healthcare clusters and the public sector, against similar attacks," he said in the letter.
Mr Iswaran acknowledged that the report was the result "of an extensive fact-finding process and rigorous inquiry over the past five months".
The COI had held 22 days of hearings which involved 37 witnesses giving evidence, said the minister, adding that more weeks were also spent deliberating and finalising the report.
"On behalf of the Government, I would like to express my deepest gratitude to you and the members of COI, the COI secretariat, the State Counsel and investigation teams for your heard work and dedication," said Mr Iswaran.
"The Government takes cybersecurity with utmost seriousness," he said.
"We will carefully study the COI's detailed findings and recommendations, and issue a response in January 2019," he added.
Mr Iswaran added that the government "will learn from this incident" and take measures to further strengthen its public sector IT systems, and uphold the trust of Singaporeans.
The minister in a separate Facebook post said that he and Health Minister Gan Kim Yong will respond to the COI report in Parliament in January.
The COI is made up of retired chief district judge Richard Magnus, Mr Lee Fook Sun, chairman of Quann World, Mr T K Udairam, group chief operating officer of Sheares Healthcare Management and Ms Cham Hui Fong, assistant secretary-general of the National Trades Union Congress (NTUC).
It was tasked to establish the events and contributing factors leading to the cyberattack on SingHealth’s patient database system on or around Jun 27 this year, and the subsequent stealing of data from the network.