Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 359 of 425

44.1.5
Tagging of sensitive data
1039. We cover the topic of sensitive data later in this Recommendation. For the moment, it suffices to say that the HITSPS is silent on this issue. The policy, again, should be formalised so that gaps can be identified and addressed. The written policy should also address the issues raised in the following sections.
44.2 Databases containing patient data must be monitored in real-time for suspicious activity
1040. Bulk queries during the Cyber Attack were not detected by any monitoring system and came to light only by chance, when they were noticed by an alert employee (Sze Chun). Monitoring for such queries, which are indicative of unauthorised data harvesting, must be implemented at the database level.
1041. On 4 July 2018, Sze Chun noticed that an unusual query had been run. Sze Chun was aware that the SCM front-end application does not allow for bulk queries. Bulk queries in and of themselves would therefore have been suspicious. However, the bulk queries run from 27 June to 4 July 2018 had not been picked up because there was no mechanism in place to detect bulk queries to the SCM database.
1042. These queries were repeatedly run a few minutes apart over several days. Given the frequency of the attempts and the large number of records sought, it should have been clear that there was no legitimate reason for these queries.
1043. It is recommended that a system of database activity monitoring (“DAM”) be implemented. DAM is the process of observing, identifying and reporting a database’s activities in real-time. DAM tools help to detect unusual or unauthorised activity, whether internal or external, and serve to protect sensitive data from intruders.

1044. DAM solutions possess the following capabilities:
a) Monitoring of database. These tools audit database activity on a 24/7 basis in real-time. DAM monitors the activity of:
i) Privileged users (including database administrators and system administrators), to ensure that data is not accessed or modified without authorisation;
ii) Users, to check for unusual or malicious activity; and
iii) User accounts, to check if the accounts are dormant or inactive.
b) Attack prevention. DAM also helps to prevent attacks by:
i) Providing alerts in real-time to notify security personnel of suspicious activity detected; and
ii) Blocking attacks in real-time, based on recognition of known database exploits and unusual patterns of activity.
c) Auditing for forensic investigations. DAM solutions are able to track the source of data leaks by recording the who, what, when, where and how of every query and identifying exactly which records have been exposed.
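Paragraphs 1040 to 1042 describe the pattern that went undetected (bulk reads against a database whose front-end never issues them, repeated a few minutes apart over several days), and paragraph 1044 lists the monitoring and alerting a DAM is expected to provide. The following is an added example written for this page; it is not code from the report, from IHiS, or from the DAM product IHiS procured. It is a small detector run over a constructed audit trail, flagging any single statement that returns more than a threshold of rows and escalating when the same principal and host repeat such reads within a window. The log format, the column names, the thresholds, the user and host names and the allow-list of batch applications (included because the report notes concern about false positives) are all hypothetical.

```python
"""Detection of bulk queries in a database audit trail.

Added illustration of the monitoring the report recommends; not IHiS's
DAM product or its configuration. Log format, thresholds and the
application allow-list are hypothetical.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical tuning. A statement returning this many rows is treated as a
# bulk read; a front-end that cannot issue bulk queries should never
# produce one, so any such read by an interactive user is suspect.
BULK_ROW_THRESHOLD = 1_000
# Repeated bulk reads by one (user, host) within the window are escalated.
REPEAT_COUNT = 3
REPEAT_WINDOW = timedelta(hours=24)
# Applications expected to read in bulk (batch reporting, backups), listed to
# limit false positives. Hypothetical name.
ALLOWED_BULK_APPS = {"NightlyReport"}


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    user: str
    host: str
    app: str
    rows: int
    statement: str


def parse_audit_line(line: str) -> AuditEvent:
    """Parse one pipe-separated audit record: ts|user|host|app|rows|statement."""
    ts, user, host, app, rows, statement = line.rstrip("\n").split("|", 5)
    return AuditEvent(datetime.fromisoformat(ts), user, host, app, int(rows), statement)


def detect_bulk_queries(events):
    """Return alerts as (kind, user, host, ts, detail) tuples, in time order."""
    alerts = []
    recent = defaultdict(deque)   # (user, host) -> timestamps of recent bulk reads
    escalated = set()             # keys already raised as repeated_bulk_reads
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.rows < BULK_ROW_THRESHOLD or ev.app in ALLOWED_BULK_APPS:
            continue
        alerts.append(("bulk_read", ev.user, ev.host, ev.ts, f"{ev.rows} rows"))
        key = (ev.user, ev.host)
        window = recent[key]
        window.append(ev.ts)
        # Slide the window: discard bulk reads older than REPEAT_WINDOW.
        while window and ev.ts - window[0] > REPEAT_WINDOW:
            window.popleft()
        if len(window) >= REPEAT_COUNT and key not in escalated:
            escalated.add(key)
            alerts.append(("repeated_bulk_reads", ev.user, ev.host, ev.ts,
                           f"{len(window)} bulk reads within {REPEAT_WINDOW}"))
    return alerts


# Constructed sample audit trail (not real SCM data). Two clinicians do normal
# single-patient lookups, a batch job reads in bulk on an allowed application,
# and one account runs the same bulk read minutes apart on two days.
SAMPLE_AUDIT_LOG = """\
2018-06-27T09:00:01|clinician01|ws-clinic-12|SCM-Frontend|1|SELECT * FROM patients WHERE patient_id = ?
2018-06-27T09:03:10|svc_report|db-batch-01|NightlyReport|250000|SELECT * FROM visits WHERE visit_date = ?
2018-06-27T10:00:00|svc_account|ws-admin-07|sqlcmd|150000|SELECT patient_id, name, dob FROM patients
2018-06-27T10:04:30|svc_account|ws-admin-07|sqlcmd|150000|SELECT patient_id, name, dob FROM patients
2018-06-27T10:09:02|svc_account|ws-admin-07|sqlcmd|150000|SELECT patient_id, name, dob FROM patients
2018-06-27T11:00:00|clinician02|ws-clinic-03|SCM-Frontend|1|SELECT * FROM patients WHERE patient_id = ?
2018-06-28T10:01:00|svc_account|ws-admin-07|sqlcmd|150000|SELECT patient_id, name, dob FROM patients
2018-06-28T10:06:00|svc_account|ws-admin-07|sqlcmd|150000|SELECT patient_id, name, dob FROM patients
"""


def run_detection(log_text: str):
    """Parse a log in the constructed format and return the alerts raised."""
    events = [parse_audit_line(l) for l in log_text.splitlines() if l.strip()]
    return detect_bulk_queries(events)


if __name__ == "__main__":
    for kind, user, host, ts, detail in run_detection(SAMPLE_AUDIT_LOG):
        print(f"{ts.isoformat()} {kind:20} {user}@{host}: {detail}")
```

Run on the sample, the detector raises a bulk_read alert for each of the five reads by svc_account and one repeated_bulk_reads escalation on the third read within the window; the NightlyReport job and the single-row clinician lookups raise nothing. In a real deployment the row threshold and allow-list would be tuned per database from observed baseline traffic, which is the trade-off between coverage and false positives that paragraph 1045 describes.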
1045. Following the Cyber Attack, IHiS procured a DAM solution. This solution is capable of detecting anomalous database activity, like bulk queries, and can automatically trigger alerts or block the activity. IHiS is still testing it before rolling it out fully, as there are concerns about whether the implementation of the DAM solution will negatively affect the performance of the IT systems, either by causing lag or by triggering too many false positive alerts. Although there