Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part III
Page 68 of 425

Minister’s personal and outpatient medication data was specifically targeted and repeatedly accessed.

Bulk queries on patients in general
198. The attacker then made queries relating to patients in general, where no particular NRIC numbers were specified. IHiS staff detected the unusual queries on 4 July 2018. IHiS staff then terminated any subsequent bulk queries made on 4 July 2018, and took steps to prevent any similar malicious queries from being run against the SCM database. There was thus no further unauthorised access of the SCM database after 4 July 2018.
14.6 Exfiltration of data to overseas C2 servers
199. Between 27 June 2018 and 4 July 2018, the attacker was able to retrieve the following information from the SQL queries:
a) The Prime Minister’s personal and outpatient medication data;
b) The demographic records of 1,495,364 unique patients, including their names, NRIC numbers, addresses, gender, race, and dates of birth; and
c) The outpatient dispensed medication records of about 159,000 of the 1,495,364 patients mentioned in subparagraph (b) above.
200. From 27 June to 4 July 2018, the data was exfiltrated by the attacker via Workstation A to the attacker’s C2 servers, as shown in the following figure:






Figure 11: Data exfiltration route
201. IHiS simulated the queries executed by the attacker and was able to approximate the data volume of the results. This was compared against data on the outgoing network traffic from Workstation A to an overseas C2 server from 27 June 2018 to 4 July 2018. The two data-sets clearly correspond to each other, and strongly indicate that part of the outgoing data contained the patient records accessed by the attacker.
202. IHiS has also confirmed that the size of the database query returns corresponds to the approximate size of 1.5 million patients’ personal particulars and 159,000 outpatient dispensed medication records.
203. There is no evidence to show that patient records had been amended, deleted, or otherwise tampered with. Similarly, there is no evidence that other patient records, such as diagnoses, test results, or doctors’ notes, were accessed. There was no disruption to healthcare services and patient care was not compromised.
204. The copying and exfiltration of data from the SCM database was stopped on 4 July 2018, after staff from IHiS discovered the unusual queries and took steps to prevent any similar queries from being run against the SCM database.
