Table of contents exchange of letters with the minister executive summary


(ii) where two-way communication is required, internet isolation technology (“IIT



Download 5.91 Mb.
View original pdf
Page308/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   304   305   306   307   308   309   310   311   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

(ii) where two-way communication is required, internet isolation technology (“IIT”) should be employed. IIT creates a secure remote infrastructure, so that information from the internet is transmitted to the endpoints in a flattened state, i.e. with all its macros removed. The technology combines Firewall and Content Threat Removal technology that cleanses all traffic that passes through it. If
IIT is implemented, mitigating measures should be implemented simultaneously to address the residual risk.
48.1 Healthcare Sector’s pre-Cyber Attack internet access strategy
1134. As early as 2015, CSA had made a security observation that hospitals, including those in the SingHealth cluster, had endpoints which could access both the internet and the EMR concurrently, and this could lead to medical records being accessed by unauthorised personnel via the internet. CSA thus made two recommendations (a) to use a thin client to access the internet (understood by
IHiS to mean IIT through a virtual browser (“VB”) or remote browser (“RB”)); orb) to disable internet access from hospital terminals (understood by IHiS to mean ISS.
1135. At that time, ISS was not considered feasible, as internet usage enabled the PHIs’ core operations, including patient care, education and research, and administration and operations. Hence, as consideration went into which staff did not really need the internet for work, IIT in the form of VB was concurrently studied as an alternative solution. After studying the VB solution, IHiS recommended the use of VB over ISS, as it would be less disruptive. IHiS trialled a proof of concept of a RB product and concluded that it would bean effective solution. In June 2017, CSA gave the conditional go-ahead for the RB solution, provided that mitigating controls were put in place to address the residual risks, and that Senior Management in the healthcare sector accepted these risks.
1136. Hence, by June 2017 the healthcare sector had already determined that internet access would be removed for staff that did not require the internet for


Download 5.91 Mb.

Share with your friends:
1   ...   304   305   306   307   308   309   310   311   ...   329



The database is protected by copyright ©ininet.org 2024
send message
    Main page
united states
total number
vast majority
federal government
other side
next generation
supreme court
information contained
current state
executive director
national association
middle east
east coast
general assembly
private sector
same time
west coast
united kingdom
united nations
total amount
full range
highest level
soviet union
european union
national academy