Table of contents exchange of letters with the minister executive summary


Assessment of SingHealth’s incident response



Download 5.91 Mb.
View original pdf
Page172/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   168   169   170   171   172   173   174   175   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
33.3 Assessment of SingHealth’s incident response
651. The efforts of SingHealth, with the assistance of its partners, inpatient outreach and communications are commendable. A large number of patients were able to receive and obtain the necessary information in a timely and
41
Bit.ly is a URL shortening service. URL shortening is a technique in which a URL maybe made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has along URL.


COI Report – Part V
Page 204 of 425

effective manner, through multiple modes of communication. The Committee notes that the scale of the outreach was unprecedented, and was planned and operationalised over a span of just 11 days, from when SingHealth’s management was apprised of the situation on 10 July 2018. The dedication shown by the staff volunteers from SingHealth in assisting their patients is especially heartening.
652. The fact that the public announcement was made on 20 July 2018 is also well regarded. CE, CSA has noted that the general consensus among professionals, both in Singapore and around the world, is that the Singapore Government publicly announced the Cyber Attack in a “remarkably short time”, and that this is contrasted against the “long runways” between discovery and public disclosure in many other cases of data breaches.
653. The use of multiple channels of communications, with SMS messages being the primary means of informing patients, proved to be effective. The Committee notes in this regard the submission by counsel for SingHealth, that
SingHealth’s approach maybe contrasted with the experiences of the UK’s National Health Service (“NHS”) during the 2017 WannaCry Ransomware cyber attack. In that case, the NHS was found to have been over-reliant on email communications, and the need for alternative communication channels and multiple communication routes to support incident response was identified as a learning point 654. Nonetheless, there remains room for improvement in respect of the collecting and updating of patient contact details. The Committee has heard that
15% of the SMS messages failed to be delivered. At the time of the Inquiry,
SingHealth was still unable to contact 2.9% of the affected patients. despite having utilised all these modes of communication. In this regard, the issues faced William Smart (UK Chief Information Officer for Health and Social Care, Lessons learned review of the
WannaCry Ransomware
Cyber Attack" February
2018), at p,
[5.13],
<
https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review- wannacryransomware-cyber-attack-cio-review.pdf
>.


Download 5.91 Mb.

Share with your friends:
1   ...   168   169   170   171   172   173   174   175   ...   329



The database is protected by copyright ©ininet.org 2024
send message
    Main page
united states
total number
vast majority
federal government
other side
next generation
supreme court
information contained
current state
executive director
national association
middle east
east coast
general assembly
private sector
same time
west coast
united kingdom
united nations
total amount
full range
highest level
soviet union
european union
national academy