A Public Sector Data Security Review Committee has been convened by the Prime Minister’s Office (PMO) in the wake of several cybersecurity breaches involving public healthcare databases in recent months, the latest being the data leak involving over 800,000 blood donors by a Health Sciences Authority vendor.

The HSA database breach is the third cybersecurity breach concerning public healthcare databases in Singapore that has been reported thus far in recent months, following the HIV registry leak and Singapore’s largest cyberattack to date, the SingHealth data breach involving the particulars of around 1.5 million patients, including those of Prime Minister Lee Hsien Loong.

PMO added in its statement on Sun (31 Mar) that its “comprehensive review” of data security practices across the entire public service sector will include examining “measures and processes related to the collection and protection of citizens’ personal data by public sector agencies, as well as by vendors who handle personal data on behalf of the Government”.

“This review”, said PMO, “will help to ensure that all public sector agencies maintain the highest standards of data governance”.

Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean has been appointed as the Chairperson of the Committee, who will lead the Committee comprising “private sector representatives with expertise in data security and technology, as well as Ministers involved in Singapore’s Smart Nation efforts”, namely Vivian Balakrishnan, S Iswaran, Chan Chun Sing, and Janil Puthucheary.

Mr Teo is also the Minister-in-charge of Public Sector Data Governance, according to PMO.

The Committee has been tasked to conduct the following measures:

  • Reviewing the Government’s methods of securing and protecting citizens’ data from end-to-end, including the role of vendors and other authorised third parties;
  • Recommending technical measures, processes and capabilities to improve the government’s protection of citizens’ data, and response to incidents; and
  • Developing an action plan of immediate steps and longer term measures to implement the recommendations.

PMO added that the Committee will be assisted by “international experts and industry professionals, from both the private and public sectors”, in addition to “an inter-agency taskforce formed by public officers across the Whole-of-Government”.

Previously, said PMO, “the Government has progressively enhanced security measures to safeguard sensitive data”, including implementing the Internet Surfing Separation policy in 2016 and disabling USB ports from being accessed by unauthorised devices in 2017.

Additionally, PMO highlighted that “the Government has also increased the number and types of internal IT audits to check on agencies’ data access and data protection measures”.

“Nevertheless, the Government acknowledges that recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector,” added PMO.

“This is essential to uphold public confidence and deliver a high quality of public service to our citizens through the use of data. The work of this Committee will complement our efforts to achieve our Smart Nation vision,” PMO assured.

The Committee’s findings and recommendations will be submitted to Prime Minister Lee Hsien Loong by 30 Nov this year.