Table of contents exchange of letters with the minister executive summary



Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part V
Page 190 of 425

601. The NCIRT conducted forensic analysis of these artefacts to verify that data had been successfully exfiltrated, as well as to determine the sequence of attack, and the nature of the attacker. The NCIRT also correlated the investigation findings with information from partners and vendors, as well as research from open source information. This provided them with a better appreciation and understanding of the attacker and its tactics, techniques, and procedures.
602. The War Room was set up to facilitate coordination between agencies, containment and recovery, investigation, impact analysis, situational updates, and public communications. Leong Seng was placed in charge of the War Room, which was organised with five working cells:
a) Containment: This cell focussed on dealing with containing the Cyber Attack, and was led by Leong Seng.
b) Investigation: This cell focussed on investigations on how the Cyber Attack happened, and was also led by Leong Seng.
c) Patient Impact: This cell focussed on reviewing whose records had been accessed, and was led by Benedict.
d) Communications: Communications were dealt with by the Ministry of Communications and Information (“MCI”) and MOH, and were supported by IHiS Director, Corporate Communications, IT & Admin Group, Loh Chee Peng.
e) Reviewing security measures for other systems and other Clusters: This cell was led by IHiS Director, Service Delivery, Mark Winn.
603. In Vivek’s expert opinion, setting up the War Room was an appropriate action and these five cells were appropriately tasked to cover the key areas on which focus was required.




604. From 11 July 2018, Benedict was based at the War Room. His role was to understand the extent of the breach and the data accessed and exfiltrated, in order to keep SingHealth updated for it to prepare its patient communications and outreach plans. At pm on 12 July 2018, Benedict also lodged a police report for the incident. Kim Chuan went to the War Room daily to maintain situational awareness and keep up with developments, but did not play any role in containment of the attack. From 11 to 23 July 2018, Bruce oversaw the technical response, focussing on the containment measures and addressing IT security weaknesses.
