Staff lapses and IT system vulnerabilities are key reasons behind SingHealth cyberattack, according to COI Report

After 22 days of public and non-public hearings involving 37 witness accounts from August to November 2018, the Committee of Inquiry (COI) convened to inquire into the occasions and contributing components main to the cyberattack on Singapore Health Services Private Limited (SingHealth)’s affected person database system, has launched its 454-page public report as we speak.

Between late June to early July 2018, hackers breached SingHealth’s Sunrise Clinical Management (SCM) database with a “deliberate, targeted and well-planned” cyberattack, accessing the info of about 1.5 million sufferers, together with Prime Minister Lee Hsien Loong.

In the report, the Committee recognized 5 key findings:

  • Integrated Health Information Systems (IHiS)* workers didn’t have sufficient ranges of cybersecurity consciousness, coaching, and assets to respect the safety implications of their findings and to reply successfully to the assault

  • Certain IHiS workers holding key roles in IT safety incident response and reporting failed to take applicable, efficient, or well timed motion, leading to missed alternatives to forestall the stealing and exfiltrating of information within the assault

  • There had been numerous vulnerabilities, weaknesses, and misconfigurations within the SingHealth community and SCM system that contributed to the attacker’s success in acquiring and exfiltrating the info, lots of which may have been remedied earlier than the assault

  • The attacker was a talented and subtle actor bearing the traits of an Advanced Persistent Threat group

  • While cyber defences won’t ever be impregnable, and it could be tough to forestall an Advanced Persistent Threat from breaching the perimeter of the community, the success of the attacker in acquiring and exfiltrating the info was not inevitable

The Committee additionally made a complete of 16 suggestions, comprising seven Priority Recommendations and 9 Additional Recommendations.

The seven Priority Recommendations are:

  • An enhanced safety construction and readiness should be adopted by IHiS and Public Health Institutions

  • The cyber stack should be reviewed to assess whether it is sufficient to defend and reply to superior threats

  • Staff consciousness on cybersecurity should be improved to improve capability to forestall, detect, and reply to safety incidents

  • Enhanced safety checks should be carried out, particularly on Critical Information Infrastructure (CII) methods

  • Privileged administrator accounts should be topic to tighter management and larger monitoring

  • Incident response processes should be improved for more practical response to cyber assaults

  • Partnerships between business and authorities to obtain the next degree of collective safety

Some of the Additional Recommendations embody:

  • IT safety threat assessments and audit processes should be handled critically and carried out often

  • Enhanced safeguards should be put in place to shield digital medical data

  • Incident response plans should extra clearly state when and how a safety incident is to be reported

The report additionally indicated that the IHiS and SingHealth ought to give precedence to implementing the suggestions, and sufficient assets and consideration should be devoted to their implementation, and there should be applicable oversight and verification of their implementation.

The full report could be accessed right here.
*IHiS is the Ministry of Health’s IT arm.

Be the first to comment on "Staff lapses and IT system vulnerabilities are key reasons behind SingHealth cyberattack, according to COI Report"

Leave a comment

Your email address will not be published.