February 21, 2024

We are creating some awesome events for you. Kindly bear with us.

SingHealth cyberattack caused by combination of personnel and system errors

Credit https://www.sgh.com.sg/ and https://www.todayonline.com/singapore

A committee of Inquiry (COI) was set up last July to investigate the events and contributing factors that lead to Singapore’s worst ever cyberattack. It was set up shortly after the Ministry of Health announced that almost 1.5m SingHealth patient records had been compromised including that of Prime Minister Lee Hsien Loong.

The aim of the committee was not only to look at events leading up to the attack, but to establish how IHiS and SingHealth responded. They were tasked with making recommendations to reduce the risk of such attacks on government systems containing large volumes of personal data.

Their findings were passed to Mr Iswaran, Minister in charge of Cybersecurity on New Year’s Eve, and then published yesterday (Thursday 10 January).

It was established the attacker first accessed SingHealths IT network in August 2017, and then moved through the network between December 2017 and June 2018. The cyber attack was first noticed in June 2018 by IHiS IT administrators after unauthorised logins and failed attempts to access the Sunrise Clinical Manager (SCM) database, they thought these attempts had been terminated but they did not realise the hacker had access and had already began exfiltrating patient data.

Unusual activity was also noticed on July 4, but it wasn’t until July 9 that the appropriate management and departments were notified. Investigations into this breach then began on July 10. A public announcement was made on July 20.

Lack of Cybersecurity awareness

Although the suspicious activity had been noticed, the report stated that the seriousness of these incidents was not realised by personnel who also ‘were not familiar with IT security policy and the need to escalate to the CSA.’ Key staff in key roles in IT security response and reporting failed to take timely and appropriate action resulting in missed opportunities to prevent the data breach.

Weaknesses in the SingHealth Network and Sunrise Clinical Manager (SCM) System

The report found that an open network connection between Citrix SGH servers and SCM database was a weakness that allowed the hacker make queries on the database. It also found that servers were not secured well enough against unauthorised access. In early 2017, vulnerabilities in the network had been identified, but the committee discovered that these had not been resolved before the attack which may have been exploited by the attacker.

Recommendations to prevent future public sector cyber attacks

The committee made 16 recommendations of which 7 are priority recommendations to improve incident response plans for similar attacks and suggestions to better protect the SingHealth system and protect other government databases containing large amounts of personal data.

Their first was the IHiS & public health institutions must adopt an enhanced security structure. Systems should be reviewed to ensure it is able to defend and respond to advanced threats, staff knowledge on cybersecurity should be improved. They also recommended that enhanced security checks should be performed on systems with tighter controls on administrator accounts as well as incident response processes to be improved. Collaboration between industry and government was advised to achieve a higher level of collective security.

The report stated that the recommendations outlined should take priority and that they should be given the resources and attention for their implementation. It was advised that this should come from senior management in order to set organisational mindset and culture.

The report noted that ‘these imperatives apply equally to all organisations responsible for large databases of personal data. We must recognise that cybersecurity threats are here to stay, and will increase in sophistication, intensity and scale. Collectively, these organisations must do their part in protecting Singapore’s cyberspace and must be resolute in implementing these recommendations.’

Mr Iswaran and Health Minister Gan Kim Yong will address the report on 14 January during Parliament in ministerial statements. More learning to come shortly…

To read full report click here

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend