In a public hearing before the Committee of Inquiry (COI) on Friday (21 Sep) regarding the SingHealth cyber attack, two employees from the information technology (IT) department of the Ministry of Health (MOH) revealed that they were in the dark as to what steps should be taken in the event of such an attack.

The two MOH IT staff noted in their testimony during the Committee’s first public hearing out of six that while there are existing guidelines regarding reporting such cybersecurity breaches, they were not adequately trained on how to manage such incidents themselves.

Database administrator with the Integrated Health Information Systems (IHiS) Ms Katherine Tan testified that she had alerted her supervisor, Ms Teresa Wu, to the cybersecurity breach while trying to shut down any ongoing activity in the electronic medical database.

In response, Ms Wu sent her a slide detailing the reporting framework, and directed her to refer to her colleagues who were dealing with the same issue in order to establish a consensus as to whether a report should be made, which Ms Tan had abided to.

However, Ms Tan said, “No one responded” to her query, adding that she “never followed up to press for an answer to the matter.”

Later on, up until the midnight of 5 Jul, she developed a script at home to combat and prevent more “unusual activity” from taking place in the system, adding that following the input of her script into the database, she was not notified of any further queries being made to the particular database, until approximately five days later when she was called upon to an “urgent meeting” at the IHiS headquarters regarding the incident.

“During the meeting of 9 Jul, the incident on 4 Jul was not yet considered by IHiS to be a cyber attack, although it was acknowledged to be a security incident,” said Ms Tan.

She was instructed on the following day to report to a war room set-up and to trawl the database — also known as the Sunrise Clinical Manager database — to monitor any failed log-in attempts that might have been made by the infiltrators whilst trying to hack into the IHiS database.

“No such framework was communicated to me either verbally or in writing. I was never provided with any training or briefing on (such a) framework,” Ms Tan said, adding that she also manages more than 50 other databases.

Assistant director in the systems management department of IHiS’ infrastructure division Mr Lum Yuan Woh confirmed Ms Tan’s account, saying that while he had knowledge of a framework, he noted that there was “no training or briefing” provided to him or any of his staff of seven people.

Referring to the failed log-in attempts into the Sunrise Clinical Manager database, he said that he had first noticed such activity on 11 Jun, which went on up to June 13. This observation was corroborated by Ms Tan. Both of them noted that the same activity was observed on 26 Jun, but was only truly detected on 4 Jul.

Mr Lum added that senior management, including SingHealth’s group chief information officer Benedict Tan, was notified only on 9 Jul, as he and his staff “did not think the (breach) would go beyond the local account,” and that initially, they were under the impression that it was not a “security incident,” but instead an “infrastructure incident”.

The attack was confirmed on 10 Jul. However, knowledge of the attack only went public ten days later.

Ms Tan is scheduled to continue her testimony in a closed hearing today (24 Sep).

Other key witnesses due to testify include chief information officer Bruce Liang from MOH, chief information security officer Chua Kim Chuan from MOH, and employees from MOH, SingHealth and IHiS.

The COI on the SingHealth cyber attack, which was dubbed as the largest data breach in Singapore’s history. was convened on 24 Jul.

Chaired by former Chief District Judge and current member of the Public Service Commission, Mr Richard Magnus, the COI comprises four members who were tasked to probe into the cybersecurity breach against SingHealth’s patients’ records in early July, which affected the personal medical data, such as the outpatient prescriptions of 1.5 million SingHealth patients, including that of Prime Minister Lee Hsien Loong.

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
You May Also Like

#FreeMyInternet protest – Speech by Remy Choo

Speech made by Remy Choo at Hong Lim Park on 8th June…

武吉知马高速公路一带 罕见野生水鹿出没!

武吉知马高速公路一带,出现四头罕见水鹿(Sambar Deer),被网友拍下。 据网友所述,网友在凌晨3点半左右时,开车经过武吉知马高速公路一带,陆续发现四头水鹿在该区游荡,但他只拍下了其中一头。 视频可见,当时水鹿正悠闲地在吃草,在发现网友的车子后,才匆忙逃走。 网友事后也发文表示,水鹿一般会在凌晨3点至5点,于万里(Mandai)和武吉班让(Bukit Panjang)的出现,可以在经过时将速度放慢,或许会看到它们。 网友也分享他的经验,指他是在武吉知马高速公路(BKE)与泛岛高速公路(PIE)的那一带看见水鹿。 我国野生水鹿少于20只 水鹿是一种哺乳类动物,其体型中等,幼年水鹿有斑点,而成年水鹿则为褐色,连臀部也不例外。 雄鹿有粗大的角,并分成三叉型,长达0.7米。 雌鹿则是雄鹿的三分之二体型。 目前,我国的野生水鹿预估少于20只,因此也成为我国相当弥足珍贵的动物。近年来陆续发生水鹿闯进车道,造成水鹿伤亡事故。…

William Farquhar did more for early Singapore than Raffles, says new bicentennial book

Major-General William Farquhar did more for the success of Singapore than Sir…

Warm conditions to continue for the rest of February 2019

The dry and warm weather experienced over Singapore and the surrounding region…