COI Report – Part VII
Page 358 of 425

an external actor can also obtain credentials and masquerade as an authorised insider. Logging of access to the EMR from the front-end client can also therefore be essential to investigating unauthorised access by external attackers.
1035. This can be accomplished through the use of audit trails, which allow organisations to precisely monitor who has accessed patient information by tracking all system activity and modifications, generating timestamps for entries, and listing what was viewed, for how long, and by whom. Alerts can then be set to flag unusual activity.
1036. Although it appears that IHiS did have some policy for logging access, this was not reduced to writing. Audit trails were in place for access to the SCM medical records, and for sensitive records in particular. IHiS should rationalise which systems are subject to audit trails and reduce the policy to writing, so that it is clear and any gaps in coverage can be identified. Further, the policy should also detail what logs are kept, and how long they are kept.
44.1.4 Rate limiting

1037. Rate limiting refers to controlling the number of medical records that can be accessed by a user at one time. It appears that IHiS did have some sort of rate limiting policy in place, but it appears not to have been documented. Dr Chong testified that, when the SCM was initially procured, it was decided that if more than a certain set number of records were accessed at the same time, an alert would be sent to the IHiS security team, and the Cluster IT and Operations teams.
1038. Again, the existing policy should be reduced into writing, so that there is clarity about its requirements and scope. Any gaps can then be identified and addressed.
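The audit trail of paragraph 1035 and the record-count alert of paragraph 1037 can be combined as in the following added example, which is not code from the report or from IHiS. The log format, the user names, the threshold of 4 distinct records and the 60-second window are all assumptions, since the report gives neither the number nor the period.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit-trail entries (not real data):
# timestamp, user, patient record id, action, seconds the record was open.
SAMPLE_AUDIT_LOG = """\
2018-01-01T09:00:00,dr_tan,P1001,view,120
2018-01-01T09:05:00,dr_tan,P1002,view,95
2018-01-01T09:10:00,svc_app,P2001,view,1
2018-01-01T09:10:01,svc_app,P2002,view,1
2018-01-01T09:10:02,svc_app,P2003,view,1
2018-01-01T09:10:03,svc_app,P2004,view,1
2018-01-01T09:10:04,svc_app,P2004,view,1
2018-01-01T09:10:05,svc_app,P2005,view,1
"""

THRESHOLD = 4                      # assumed: max distinct records per window
WINDOW = timedelta(seconds=60)     # assumed: meaning of "at one time"


def parse(log_text):
    """Yield (timestamp, user, record_id, action, seconds_open) tuples."""
    for line in log_text.splitlines():
        ts, user, record, action, secs = line.split(",")
        yield datetime.fromisoformat(ts), user, record, action, int(secs)


def rate_limit_alerts(entries, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per user per burst: (user, time, distinct records)."""
    recent = defaultdict(deque)    # user -> (timestamp, record) in window
    alerting = set()               # users currently over the threshold
    alerts = []
    for ts, user, record, _action, _secs in sorted(entries):
        q = recent[user]
        q.append((ts, record))
        while q and ts - q[0][0] > window:
            q.popleft()            # drop accesses older than the window
        distinct = len({r for _, r in q})  # repeat views of one record count once
        if distinct > threshold and user not in alerting:
            alerting.add(user)
            alerts.append((user, ts, distinct))
        elif distinct <= threshold:
            alerting.discard(user)  # burst over; re-arm the alert
    return alerts


if __name__ == "__main__":
    for user, ts, n in rate_limit_alerts(parse(SAMPLE_AUDIT_LOG)):
        print(f"ALERT {ts.isoformat()} {user}: {n} distinct records in {WINDOW}")
```

Writing the threshold and window down as named values, as here, is the kind of documented policy paragraph 1038 asks for: a reviewer can see exactly what triggers an alert and what does not.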