07 Feb 2019
1. The Committee of Inquiry (COI) has completed its investigations into the Cyber Attack on the Singapore Health Services Pte Ltd (SingHealth) database and released their report to Parliament. A copy of the public COI report can be downloaded from the Ministry of Communications and Information’s website (www.mci.gov.sg).
2. In its report, the COI made 16 recommendations to protect SingHealth’s and other public healthcare clusters’ patient database systems, and other public sector IT systems which contain large databases, from cybersecurity attacks. A summary of the 16 recommendations from the COI is attached in the Appendix for reference.
3. The COI’s recommendations range from essential cyber hygiene measures to more advanced measures, which can be pursued after a level of cybersecurity maturity has been attained. The Ministry has adapted the recommendations into a set of cybersecurity best practices, which would be applicable to all licensees under the Private Hospitals and Medical Clinics Act (PHMCA). The best practices are described in further detail in Annex A.
4. All licensees are strongly advised to review the COI’s recommendations and cybersecurity best practices and to implement relevant measures, where appropriate. These measures will help licensees safeguard and ensure the integrity of the personal and medical data within the medical records, so as to be compliant with the Private Hospitals and Medical Clinics Regulations (PHMCR) and the Personal Data Protection Act (PDPA).
5. Licensees are also strongly encouraged to be vigilant against constant and evolving cybersecurity threats, so as to ensure the security and integrity of electronic patient data and IT systems used by healthcare providers in Singapore.
6. Licensees may also refer to the following websites for more information on cyber security best practices and technical guidance:
- Cyber Security Agency(CSA) Go Safe Online at
https://www.csa.gov.sg/gosafeonline/resources/be-safe-online-handbook.
- Personal data Protection Commission(PDPC): - Guide to Securing
Personal Data in Electronic Medium (www.pdpc.org.sg)
https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Other-
Guides/guidetosecuringpersonaldatainelectronicmedium0903178d4749c8
844062038829ff0000d98b0f.pdf
7. The Ministry will also be working with the licensees in the coming year to
develop more specific cybersecurity requirements, tiered to its specific operating
environment and business model.
8. Please contact us at csadmin@moh.gov.sg if you have any questions or
clarifications.
Thank you.
ADJ ASSOC PROF (DR) RAYMOND CHUA
GROUP DIRECTOR, HEALTH REGULATION GROUP
FOR DIRECTOR OF MEDICAL SERVICES
The full document (together with Annex A and the Appendix) can be downloaded below:
- Letter: Download [.PDF, 329KB]
- Annex A: Download [.PDF, 213KB]
- Appendix: Download [.PDF, 290KB]