COI Report – Part VII Page 391 of 425 work and that internet access (save for certain high-risk sites) via IIT in the form of the RB solution would be provided to staff that required the internet for work. However, the status quo as at the time of the Cyber Attack was not acceptable – i) internet access removal for staff that did not require the internet had only been implemented in some PHIs; (ii) there had been no firm decision on which staff really needed the internet for work (iii) there had been no consideration of whether the RB solution should be deployed in the same or different device from which clinicians accessed the EMR, and the concomitant risks of either option and (iv) in any event, the RB solution had not yet been rolled-out. 1137. While ISS was not the preferred solution for the Health sector pre-Cyber Attack, we note CE, CSA’s evidence that public acceptance of cybersecurity measures changes overtime, and in particular, after cyber attacks happen. The internet access strategy should thus be considered afresh, in the light of the Cyber Attack. 48.2 Benefits and drawbacks of Internet Surfing Separation 48.2.1 Benefits 1138. ISS prevents an attacker from gaining direct access into the CII systems that are providing essential services, and prevents any attacker that may remain in the network to callback (i.e. establish connections out) and steal further data. 1139. In the case of the Cyber Attack, despite a suite of containment measures, it was discovered on 19 July 2018 that the attacker was trying to reenter the network. ISS was necessary to contain the threat and prevent further compromise. The implementation of ISS achieved this aim, and no further suspicious activity was detected in SingHealth’s network thereafter. This safeguarded key public healthcare IT systems and confidential patient data. The benefit of ISS as a cybersecurity measure is thus clear.
