COI Report – Part II
Page
22 of
425 60. While the migration of SingHealth servers to H-Cloud has been largely completed for the key systems, there are some remaining non-business critical servers in this zone that are in the progress of migrating to H-Cloud. This includes
the Citrix server farm, which still continued to operate at SGH premises, after June 2017 and as at July 2018. These Citrix servers were used to host applications
for the SGH intranet, including SAP (which is enterprise software used to manage business operations and customer relations,
pharmacy systems, Operating Theatre Management systems etc.
61. Notably, there was still network connectivity between the Citrix server farm at SGH and the SCM database server in the H-Cloud data centre. This connectivity between the SGH Citrix servers and the SCM database servers in the HDC proved to be a significant vulnerability that was exploited during the attack, as explained below at section 15.1 (pg 72).
9 IHIS TEAMS RESPONSIBLE FOR IT AND IT SECURITY ADMINISTRATION AND OPERATIONS 62.
The IHiS organisational chart, highlighting the teams involved in the
Cyber Attack is presented on the following page. The roles and responsibilities and key personnel from these teams will be detailed in section 9.1 and 9.2 below.
