Skip to main content

Advertisement

Advertisement

Govt has taken ‘appropriate action’ against SingHealth cyber attacker: Iswaran

SINGAPORE — In the face of calls by Members of Parliament (MPs) to disclose the identity of the SingHealth cyber attacker, Communications and Information Minister S Iswaran reiterated the Government’s reasons for not doing so but said it has taken “appropriate action” against the culprit.

Mr Iswaran did not elaborate on the action taken against the attacker, but said the Government will not publicly identify the party due to national security reasons.

Mr Iswaran did not elaborate on the action taken against the attacker, but said the Government will not publicly identify the party due to national security reasons.

Follow TODAY on WhatsApp

SINGAPORE — In the face of calls by Members of Parliament (MPs) to disclose the identity of the SingHealth cyber attacker, Communications and Information Minister S Iswaran reiterated the Government’s reasons for not doing so but said it has taken “appropriate action” against the culprit.

Public confidence that justice has been served should not be affected because of the withholding of the identity, he said in Parliament on Tuesday (Jan 15).

Mr Iswaran did not elaborate on the action taken against the attacker, but said the Government will not publicly identify the party due to national security reasons.

He had told Parliament in August last year that an Advanced Persistent Threat group was behind the breach. It refers to sophisticated cyber attackers, usually state-linked, who conduct extended and carefully planned cyber campaigns to steal information or disrupt operations.

The authorities have been “transparent” about the cyber attack on Singapore’s largest public healthcare cluster and have taken measures to demonstrate this — from the appointment of a Committee of Inquiry (COI) and the release of its findings, to actions taken against individuals and organisations.

“Why do we do that? … We want Singaporeans to understand that we’ve got nothing to hide here. We want to get to the bottom of it as much as Singaporeans do,” said Mr Iswaran. 

“That is the totality of our response. I don’t think we should reduce whether we have confidence in the sense of justice to just one specific point — that there is no public attribution of the perpetrator.”

The COI’s report was also released to the public, save for findings pertaining to sensitive national security matters and patient confidentiality.

“Everything else is out there, unvarnished, stark… I think we can hold ourselves up to the best practices and standards in terms of how we responded,” Mr Iswaran said.

He was responding to several MPs who requested that more light be shed on the authorities’ decision to not reveal the identity of the cyber attacker. Sembawang GRC MP Vikram Nair called it the “elephant in the room”.

Pioneer MP Cedric Foo said that while the rigorous investigation by the COI has helped restore some public confidence, without the disclosure of the attacker’s identity, “there seems to be a vacuum as far as the sense of justice (is concerned)”.

While he understood what the MPs wanted, Mr Iswaran said the Government has to consider if public attribution would best serve Singapore’s interest.

He said the Cyber Security Agency has been monitoring the dark web and has found no evidence that any stolen data has made its way there.

This was in response to Hougang MP Png Eng Huat, who asked how the authorities can prevent the affected patients from being victims of scams in future.

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.