Table of contents exchange of letters with the minister executive summary



Download 5.91 Mb.
View original pdf
Page109/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   105   106   107   108   109   110   111   112   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part IV
Page 126 of 425

21.5 Assessment of IHiS’ incident response on 12 June 2018
368. The Committee notes that the Citrix Team had acted appropriately to raise the matter to the SMD. However, the response could have been improved by quicker action (e.g. immediately upon learning at around pm about the failed attempts at logging into the SCM database, and by providing clearer explanations of their findings and their views to the SMD.

22 EVENTS OF 13 JUNE 2018
22.1 Meeting to update Benjamin on the events of 11 and 12 June
2018 and sharing of information with the CERT and Wee
369. At around am on 13 June 2018, Benjamin met with Veerendra and Vicky from the Citrix Team. Veerendra and Vicky showed Benjamin some logs, and explained the following a) That attempts had been made to access the SCM database from
Citrix Server 1, most recently on 11 and 12 June 2018; b) That multiple usernames had been used in attempts to login to the
SCM database c) That there had been unauthorised access to Citrix Server 1 using the LA. account on multiple occasions dating as far back as 17 May 2018; d) The hostnames of the workstations used in the abovementioned instances of unauthorised access to Citrix Server 1, which included i) the PHI 1 Workstation (ii) Workstation Ca SGH workstation iii) VM 1; and (iv) VM 2; and e) That the LA. account should only have been used by the Citrix Team.


COI Report – Part IV
Page 127 of 425

370. Benjamin’s evidence is that based on the above, it appeared to him that the SCM database, which he knew to be a CII, was being targeted.
371. Shortly after the meeting, Vicky forwarded Benjamin an email from Katherine containing screenshots of the alerts received by Katherine showing the failed login attempts to the SCM server. The CERT, Ernest, and Wee were copied in Vicky’s email to Benjamin. While Ernest was still overseas and did not read the email at the time, Wee was at work and would have received the email. Once again, however, Wee “cannot now recall” if he had read Vicky’s email or the attached email from Katherine.

Download 5.91 Mb.

Share with your friends:
1   ...   105   106   107   108   109   110   111   112   ...   329



The database is protected by copyright ©ininet.org 2024
send message
    Main page
united states
total number
vast majority
federal government
other side
next generation
supreme court
information contained
current state
executive director
national association
middle east
east coast
general assembly
private sector
same time
west coast
united kingdom
united nations
total amount
full range
highest level
soviet union
european union
national academy