Singapore to Pass Comprehensive Health Data Law
Wednesday, December 13, 2023
On December 4, 2023, Singapore’s Ministry of Health (Ministry) announced that the nation’s first ever comprehensive health data law, the Health Information Bill (Bill), will be introduced in mid-2024.
A set of Cyber & Data Security Guidelines for Healthcare Providers (Guidelines) was also published. Of particular importance is that these Guidelines will frame and eventually be imposed as regulatory requirements under the Bill.
The healthcare sector has been identified as among the top three targets of cyber attacks. Ransomware and phishing are especially pervasive, with more than one ransomware case reported every three days to the Cybersecurity Authority of Singapore. This statistic is not only representative of Singapore, but appears to be experienced in other parts of the globe. In August 2023, a major healthcare provider in the United States suffered a ransomware attack that compromised its network of 17 hospitals and 166 outpatient clinics across various states, with about 500,000 personal data records being exposed on the dark web, including social security numbers, medical profiles, financial and legal information. Critically, the incident also caused a complete suspension of its clinical operation services.
It is against this backdrop that the Guidelines aim to provide much-needed, urgent guidance and regulatory certainty to healthcare providers as to the requirements for securing the confidentiality, integrity and availability of health information against unauthorized access and other risks. Noting the surge in cyber threats and security risks amplified by increasing digitalisation in the healthcare industry, there is a greater need to address their impact on patient safety and care quality, beyond just privacy and confidentiality. Breaches can also be extremely costly, insofar as they involve recovering affect...