Table of contents exchange of letters with the minister executive summary



Download 5.91 Mb.
View original pdf
Page327/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   321   322   323   324   325   326   327   328   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 423 of 425

IHiS should consider doing the next best thing – work with experts to ensure that no traces of the attacker are left behind.
1217. IHiS agrees with this recommendation and intends to engage an independent consultant to do this review, and eradicate any element of the malware tools used during the Cyber Attack.



COI Report – Part VII
Page 424 of 425

52 CONCLUSION ON RECOMMENDATIONS
1218. The Committee’s recommendations provide a comprehensive suite of measures that will enhance the capability of IHiS, SingHealth, and other organisations to deter, detect, respond to, and recover from IT security incidents. They range from basic cyber hygiene measures to more advanced measures which are better-suited after a certain level of cybersecurity maturity has been attained by the organisation.
1219. Implementation of the recommendations requires effective and agile leadership from senior management, and necessary adjustments to organisational culture, mindset, and structure. In this regard, the Committee is heartened to note that the MOH family is committed to learn from the Cyber Attack and will continually strengthen its systems against evolving cybersecurity threats. The Committee also notes that IHiS has already taken action following the Cyber Attack, accelerating three ongoing security projects, proposing six more measures, and considering an additional twelve measures (see Annex B).
1220. In the implementation of the Committee’s recommendations and the measures from IHiS, appropriate oversight of the implementation process, and verification that the measures have been effectively and adequately implemented, is vital.
1221. In this regard, the Committee proposes that IHiS and SingHealth provide updates to the HITSC (being the healthcare sector’s highest level platform for cybersecurity issues) every six months on the progress of the implementation of the Committee’s recommendations and measures from IHiS, and for the HITSC to consult CSA should any issues arise regarding their implementation. MOHH has informed the Committee that the CSC “stands ready to play apart in the
process”. The HITSC is best placed to identify any such role for the CSC.
1222. The Committee also agrees with the Solicitor-General’s recommendation that the GIA should conduct audit checks to verify that the Committee’s recommendations and the measures from IHiS are implemented. These checks



Download 5.91 Mb.

Share with your friends:
1   ...   321   322   323   324   325   326   327   328   329




The database is protected by copyright ©ininet.org 2024
send message

    Main page