Table of contents exchange of letters with the minister executive summary



Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part II
Page 35 of 425

11.1 The Healthcare IT Security Incident Response Framework (“SIRF”)
102. The Healthcare IT Security Incident Response Framework (“SIRF”) translates the NCIRF requirements into how PHIs are to report IT security incidents to their management and to the Healthcare Sector Lead, for onward reporting to CSA. This was prepared under Kim Chuan’s charge, and issued by MOHH and IHiS in February 2017.
103. From the present proceedings, there was no evidence that the SIRF had been circulated or otherwise communicated widely to staff, and it was not known to most of the witnesses who were IHiS staff.
11.2 The Cluster IT Security Incident Response SOP (“IR-SOP”)
104. The Cluster IT Security Incident Response SOP (“IR-SOP”) details the various protocols for Clusters and their respective PHIs, for reporting and responding to specific scenarios of IT security incidents. This was created by Han Kwang, based on the SIRF.
105. The IR-SOP was shared in March 2018 with the Security Management team members, incident responders (i.e. the CERT), Serena and CSG.
11.3 Security incident reporting flow for SingHealth
106. Both the SIRF and IR-SOP categorise reportable security incidents in an identical manner to the NCIRF. These documents also dictate IHiS’ internal reporting timelines to Healthcare Sector Lead (CSG) for each category of incident.
107. Information on the incident reporting flow for SingHealth is set out in both the SIRF and IR-SOP. While some information is in common between the two documents, there are different focuses and updated information in the IR-SOP, which was issued a year after the SIRF.




(a) The SIRF describes the framework for PHIs, also termed as healthcare entities, in reporting security incidents to their management and the Healthcare Sector Lead. It includes the typical incident reporting flow, starting from the Cluster ISO (Security Officer), which then branches to multiple incident reporting chains – including to the Cluster GCIO and CSG as Healthcare Sector Lead, and also results in the incident being reported to CSA, and management of SingHealth, IHiS, MOHH and MOH.
(b) The IR-SOP covers incident reporting as part of the roles and responsibilities of the SIRT in mounting a broader response to security incidents. The IR-SOP includes the typical incident reporting flow mentioned in (a). Unique to the IR-SOP is the SIRT Reporting Structure and description of the SIRT members’ roles, which provides for a linear incident reporting from Cluster ISO to Cluster GCIO, and then to Cluster senior management.


