Safeguarding Health Data from Cyberattacks
Ministry of HealthSpeakers
Summary
This question concerns several parliamentary inquiries regarding the SingHealth cyberattack, focusing on data integrity, network security, and the safeguarding of the National Electronic Health Record system. Members of Parliament raised issues about investigation findings, lessons learned, the delay in public disclosure, and whether security measures have impacted patient consultation times at public hospitals. They further questioned the frequency of IT audits and the rectification measures implemented across various healthcare regions to prevent future breaches. Minister for Health Gan Kim Yong responded by requesting the Speaker’s permission to address these questions collectively in his subsequent Ministerial Statement. Permission was granted, allowing Minister for Health Gan Kim Yong to provide a consolidated response on the ministry's actions and future safeguards.
Transcript
The following question stood in the name of Dr Chia Shi-Lu –
13 To ask the Minister for Health with regard to the SingHealth cyberattack, how will the Ministry assess whether (i) the data have not been tampered with, (ii) subversive latent programmes have not infiltrated and been installed in SingHealth's network, and (iii) access to other Government networks has not been gained through SingHealth's system.
14 Ms Joan Pereira asked the Minister for Health (a) what steps will be taken to ensure that the data on the National Electronic Health Record (NEHR) system is protected from cyberattacks; (b) what systems are in place to determine whether medical records are tampered with; and (c) when there is a data leak or alteration of personal information or medical records, what will be done to safeguard the interests of patients whose data are in the record.
15 Mr Christopher de Souza asked the Minister for Health with regard to the recent hacking of SingHealth's IT system (a) what has been discovered in the investigations thus far; (b) what lessons are learnt; and (c) how will similar situations be avoided in the future.
16 Mr Ang Wei Neng asked the Minister for Health (a) when was the last audit, internal or external, conducted on the public SingHealth IT system, particularly in areas related to the patient database; (b) which are the public healthcare systems that use similar IT systems as that of SingHealth; (c) what are the immediate rectification measures taken by SingHealth and other healthcare groups under the Eastern, Western and Central regions.
17 Assoc Prof Daniel Goh Pei Siong asked the Minister for Health whether security measures implemented after the cyberattack on the SingHealth system have affected waiting time and consultation time at public hospitals and polyclinics.
18 Ms Sylvia Lim asked the Minister for Health whether he can elaborate on the reasons for the significant delay in informing the public of the cyberattack affecting SingHealth's database from the time the breach was discovered.
19 Mr Dennis Tan Lip Fong asked the Minister for Health (a) why were details of the cyberattack on the medical records of 1.5 million people under SingHealth's hospitals, speciality clinics and polyclinics not disclosed to the public earlier; (b) what measures have been taken to improve security since the cyberattack; and (c) what actions will be taken against the perpetrators of the cyberattack.
Mr Lim Biow Chuan (Mountbatten): Question No 13.
The Minister for Health (Mr Gan Kim Yong): Mr Speaker, may I have your permission to also take Question Nos 13 to 19 subsequently in my Ministerial Statement.
Mr Speaker: Please do. Dr Lim Wee Kiak.