In a public hearing before the Committee of Inquiry (COI) on Friday (21 Sep) regarding the SingHealth cyber attack, two employees from the information technology (IT) department of the Ministry of Health (MOH) revealed that they were in the dark as to what steps should be taken in the event of such an attack.

The two MOH IT staff noted in their testimony during the Committee’s first public hearing out of six that while there are existing guidelines regarding reporting such cybersecurity breaches, they were not adequately trained on how to manage such incidents themselves.

Database administrator with the Integrated Health Information Systems (IHiS) Ms Katherine Tan testified that she had alerted her supervisor, Ms Teresa Wu, to the cybersecurity breach while trying to shut down any ongoing activity in the electronic medical database.

In response, Ms Wu sent her a slide detailing the reporting framework, and directed her to refer to her colleagues who were dealing with the same issue in order to establish a consensus as to whether a report should be made, which Ms Tan had abided to.

However, Ms Tan said, “No one responded” to her query, adding that she “never followed up to press for an answer to the matter.”

Later on, up until the midnight of 5 Jul, she developed a script at home to combat and prevent more “unusual activity” from taking place in the system, adding that following the input of her script into the database, she was not notified of any further queries being made to the particular database, until approximately five days later when she was called upon to an “urgent meeting” at the IHiS headquarters regarding the incident.

“During the meeting of 9 Jul, the incident on 4 Jul was not yet considered by IHiS to be a cyber attack, although it was acknowledged to be a security incident,” said Ms Tan.

She was instructed on the following day to report to a war room set-up and to trawl the database — also known as the Sunrise Clinical Manager database — to monitor any failed log-in attempts that might have been made by the infiltrators whilst trying to hack into the IHiS database.

“No such framework was communicated to me either verbally or in writing. I was never provided with any training or briefing on (such a) framework,” Ms Tan said, adding that she also manages more than 50 other databases.

Assistant director in the systems management department of IHiS’ infrastructure division Mr Lum Yuan Woh confirmed Ms Tan’s account, saying that while he had knowledge of a framework, he noted that there was “no training or briefing” provided to him or any of his staff of seven people.

Referring to the failed log-in attempts into the Sunrise Clinical Manager database, he said that he had first noticed such activity on 11 Jun, which went on up to June 13. This observation was corroborated by Ms Tan. Both of them noted that the same activity was observed on 26 Jun, but was only truly detected on 4 Jul.

Mr Lum added that senior management, including SingHealth’s group chief information officer Benedict Tan, was notified only on 9 Jul, as he and his staff “did not think the (breach) would go beyond the local account,” and that initially, they were under the impression that it was not a “security incident,” but instead an “infrastructure incident”.

The attack was confirmed on 10 Jul. However, knowledge of the attack only went public ten days later.

Ms Tan is scheduled to continue her testimony in a closed hearing today (24 Sep).

Other key witnesses due to testify include chief information officer Bruce Liang from MOH, chief information security officer Chua Kim Chuan from MOH, and employees from MOH, SingHealth and IHiS.

The COI on the SingHealth cyber attack, which was dubbed as the largest data breach in Singapore’s history. was convened on 24 Jul.

Chaired by former Chief District Judge and current member of the Public Service Commission, Mr Richard Magnus, the COI comprises four members who were tasked to probe into the cybersecurity breach against SingHealth’s patients’ records in early July, which affected the personal medical data, such as the outpatient prescriptions of 1.5 million SingHealth patients, including that of Prime Minister Lee Hsien Loong.

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
You May Also Like

HDB lift with "Waterfall feature" at Tiong Bahru

A video shows a lift located at Tiong Bahru, showered with “waterfall”…

Poll shows 44% don’t resonate with any of PM Lee’s announcements at NDR

After Prime Minister Lee Hsien Loong made his speech at the National…

李显龙重申 “正直、诚信和廉洁乃行动党根基”

新加坡总理、也是人民行动党秘书长的李显龙,致函全体行动党议员重申,正直、诚信和廉洁是行动党的根基。 他提醒议员是人民公仆,议员们要仔细聆听国人的心声,帮助他们解决迫切的问题,并向政府反映他们的担忧和愿望。 他也指出,不论是否支持或反对政策,该党议员都需要坦率在国会发表观点。同时,应准备好与反对党议员对话,寻求澄清并检视对方的言论。 随着反对党议员此次选举拿下10席,他认为国会会迎来更激烈的辩论,为此呼吁行动党议员,不要回避激烈讨论,抱持坚定的信念畅所欲言。  

Sheng Siong CEO Lim Hock Chee’s philosophy of care proves successful and sustainable

When you think about success stories in Singapore, you cannot miss the…