Did PM Lee predict the massive Singhealth data hack four years ago?

3529
 

As public uproar over the massive Singhealth data breach rages on, some have pointed out that Singapore Prime Minister Lee Hsien Loong may have predicted what has become the biggest data hack in the nation’s history, four years ago.

In launching the Smart Nation Programme in 2014, PM Lee made certain remarks about the state of cyber-security in Singapore that seem quite curious in the aftermath of the Singhealth data hack that has affected at least 1.5 million patients, whose personal information and medical records have been stolen.

PM Lee and his predecessor, now-Emeritus Senior Minister Goh Chok Tong, are among the victims of the data breach which was revealed to the public about half a month after it was discovered.

Hearkening to his National Day Rally speech in 2014, PM Lee spoke about why it is imperative that Singapore adopts ‘smart nation’ initiatives to keep itself ahead of the competition. Specifically citing the extensive patient database employed in local hospitals, PM Lee said that this database is among the best in the world and is one of the early initiatives that the Government has taken on in its journey to transform Singapore into a smart nation.

He then promised to strengthen IT security measures and assured the audience that he will ensure that sensitive information like medical data is not stolen and will be protected against hacker attacks. Asserting that he will take a personal interest in the Smart Nation Programme, the head of government said:

“It is vital that we have secure systems that we can trust, not just preventing credit card numbers from being stolen, but protecting ourselves from malicious attacks where there is hacking or Distributed Denial of Service attacks, you know what that is.
“Whether is it malware that infects our computers which steals sensitive information or possibly threatens critical infrastructure if it gets into the hospital IT systems, patients can die, if it gets into our power system, our power grid can be brought down, if it gets into our airport system, we can have a very serious problem.”

PM Lee, however, admitted that he does not think cyber security duties are as strong as the Government would like to be. Acknowledging that Singapore’s cyber systems “will never be completely impregnable,” PM Lee promised that his Government will undertake measures to raise cyber security levels here:

“…it is not a laughing matter, we take it seriously; we already have cyber security duties residing in Ministry of Home Affairs and the Infocomm Development Authority. But I do not think that they are as strong as we would like them to be.
“We need to reorganise them, to strengthen our system and our institutions. We are studying how best to do that, to protect our Government systems, including the Smart Nation sensor systems, against cyber-attacks. But also outside the Government, other critical systems like in telecoms, banking and energy sectors.
“You will never be completely impregnable, but I think we need to be secure and as safe as we can be. That means within the Government we need the system and outside the Government we must reach out to the companies and individuals, to raise your security awareness in order to create a secure and trusted ICT network.”

It has been four years since the PM made these promises. Four years on, the Singhealth data breach has resulted in the medical data of 1.5 million patients being compromised, with about 160,000 of these patients having their outpatient prescriptions stolen, as well.

Given PM Lee’s observations four years ago that a medical data hack would be devastating to Singapore and his years-old promises that the authorities will undertake measures to strengthen cyber-security, several questions now arise with the Singhealth data breach.

What were the cyber-security strengthening measures that were implemented in the last four years? Were these measures installed only within government databases? Did this latest data breach occur because these measures were not enforced on Singhealth since it is a private company?

It remains to be seen whether the Committee of Inquiry will raise these questions and unearth the answers to these questions in their probe.