Table of contents exchange of letters with the minister executive summary



Download 5.91 Mb.
View original pdf
Page156/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   152   153   154   155   156   157   158   159   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part IV
Page 183 of 425

583. Bruce was also informed of the following in response to some of his queries a) There were attempts to access the SCM database from backup
Citrix servers since 11 or 12 June 2018, and this was not atypical route that an end-user would take to access the SCM database.
38
(b) One of the Citrix servers used to attempt access the SCM database had been taken down for investigation before 27 June 2018 (i.e.
Citrix Server 1). c) The SQL queries were made from a Citrix server (i.e. Citrix Server
2), and that the name of the program used. d) The SQL queries were coming from authorised accounts and an authorised Citrix server. e) The SQL queries could not have been the activity of an internal attacker or a bad program running in the system.
584. In view of the above “signs of strange activity” that “could not be
accounted for”, Bruce decided that the matter should be reported to CSA and asked Kim Chuan to do so. Bruce also asked Kim Chuan how the incident should be categorised, to which Kim Chuan replied that it should be seen as a Category
1 incident, as the incident involved unauthorised to a CII system, the SCM database.
585. At the time of the meeting, Bruce did not ask the team why they did not report these events earlier, or why they said the night before that zero records As mentioned in paragraph 215 (pg 81) above, it was established subsequently in the course of investigations that the SGH Citrix servers could not, in fact, be used for backup connectivity to the SCM database.


COI Report – Part IV
Page 184 of 425

were retrieved. Bruce has explained that “these were not priority questions (at
the time of the meeting)”.
586. Kim Chuan recalls discussing at the meeting why staff had not escalated the matter earlier, but he did not receive any answers. However, in his view, IHiS security staff should have been able to recognise that the incident was a Category
1 incident based on the information that was presented on 10 July 2018 and their experience from the TTX conducted in March 2018.
587. At the meeting, Serena asked the team to start tabulating an event log, recording all staff observations and actions in relation to the events of June and July 2018. Bruce assigned Leong Seng to be in-charge of IHiS investigations into the matter. Benedict also told Bruce that he would inform SingHealth’s management.

Download 5.91 Mb.

Share with your friends:
1   ...   152   153   154   155   156   157   158   159   ...   329



The database is protected by copyright ©ininet.org 2024
send message
    Main page
united states
total number
vast majority
federal government
other side
next generation
supreme court
information contained
current state
executive director
national association
middle east
east coast
general assembly
private sector
same time
west coast
united kingdom
united nations
total amount
full range
highest level
soviet union
european union
national academy