Current Affairs
SingHealth cybersecurity fiasco: IHiS employees in the dark on steps to take during cyber-attack due to inadequate training
In a public hearing before the Committee of Inquiry (COI) on Friday (21 Sep) regarding the SingHealth cyber attack, two employees from the information technology (IT) department of the Ministry of Health (MOH) revealed that they were in the dark as to what steps should be taken in the event of such an attack.
The two MOH IT staff noted in their testimony during the Committee’s first public hearing out of six that while there are existing guidelines regarding reporting such cybersecurity breaches, they were not adequately trained on how to manage such incidents themselves.
Database administrator with the Integrated Health Information Systems (IHiS) Ms Katherine Tan testified that she had alerted her supervisor, Ms Teresa Wu, to the cybersecurity breach while trying to shut down any ongoing activity in the electronic medical database.
In response, Ms Wu sent her a slide detailing the reporting framework, and directed her to refer to her colleagues who were dealing with the same issue in order to establish a consensus as to whether a report should be made, which Ms Tan had abided to.
However, Ms Tan said, “No one responded” to her query, adding that she “never followed up to press for an answer to the matter.”
Later on, up until the midnight of 5 Jul, she developed a script at home to combat and prevent more “unusual activity” from taking place in the system, adding that following the input of her script into the database, she was not notified of any further queries being made to the particular database, until approximately five days later when she was called upon to an “urgent meeting” at the IHiS headquarters regarding the incident.
“During the meeting of 9 Jul, the incident on 4 Jul was not yet considered by IHiS to be a cyber attack, although it was acknowledged to be a security incident,” said Ms Tan.
She was instructed on the following day to report to a war room set-up and to trawl the database — also known as the Sunrise Clinical Manager database — to monitor any failed log-in attempts that might have been made by the infiltrators whilst trying to hack into the IHiS database.
“No such framework was communicated to me either verbally or in writing. I was never provided with any training or briefing on (such a) framework,” Ms Tan said, adding that she also manages more than 50 other databases.
Assistant director in the systems management department of IHiS’ infrastructure division Mr Lum Yuan Woh confirmed Ms Tan’s account, saying that while he had knowledge of a framework, he noted that there was “no training or briefing” provided to him or any of his staff of seven people.
Referring to the failed log-in attempts into the Sunrise Clinical Manager database, he said that he had first noticed such activity on 11 Jun, which went on up to June 13. This observation was corroborated by Ms Tan. Both of them noted that the same activity was observed on 26 Jun, but was only truly detected on 4 Jul.
Mr Lum added that senior management, including SingHealth’s group chief information officer Benedict Tan, was notified only on 9 Jul, as he and his staff “did not think the (breach) would go beyond the local account,” and that initially, they were under the impression that it was not a “security incident,” but instead an “infrastructure incident”.
The attack was confirmed on 10 Jul. However, knowledge of the attack only went public ten days later.
Ms Tan is scheduled to continue her testimony in a closed hearing today (24 Sep).
Other key witnesses due to testify include chief information officer Bruce Liang from MOH, chief information security officer Chua Kim Chuan from MOH, and employees from MOH, SingHealth and IHiS.
The COI on the SingHealth cyber attack, which was dubbed as the largest data breach in Singapore’s history. was convened on 24 Jul.
Chaired by former Chief District Judge and current member of the Public Service Commission, Mr Richard Magnus, the COI comprises four members who were tasked to probe into the cybersecurity breach against SingHealth’s patients’ records in early July, which affected the personal medical data, such as the outpatient prescriptions of 1.5 million SingHealth patients, including that of Prime Minister Lee Hsien Loong.
-
Singapore2 weeks ago
Purported resignation message from Li Hongyi as Singpass director goes viral; GovTech yet to confirm authenticity
-
Community2 weeks ago
PAP MP Edward Chia: ‘Sanctions on Israel do not work’ when confronted by Holland-Bukit Timah resident
-
Singapore2 weeks ago
Lee Hsien Yang alleges rising repression and corruption in Singapore; government calls claims a ‘personal vendetta
-
Singapore5 days ago
PM Wong affirms government focus on Singapore’s priorities amid Lee Hsien Yang’s allegations
-
Opinion4 days ago
Why Wong remains noncommittal on election date despite approaching deadline?
-
Crime3 days ago
Man to be charged with grievous hurt on Monday after stabbing Catholic priest at St Joseph’s Church
-
Singapore3 days ago
MHA, Cardinal Goh commend response to knife attack at St Joseph’s Church, highlight need for preparedness
-
Politics5 days ago
PM Wong: Electoral Boundaries Review Committee not yet convened; No decision on GE timing