Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

15.4 Internet connectivity in the SingHealth IT network increased the attack surface
247. The SingHealth network’s connection to the Internet, while serving their operational needs, created an avenue of entry and exit for the attacker. This allowed the attacker to make use of an internet-connected workstation (Workstation A) to gain entry to the network, before making his way to the SCM database to steal the medical data.
248. The Committee has also heard examples of security concerns arising from internet connectivity on certain network elements that were involved in the attack:

a) SGH Citrix servers: At the time of the attack, a user who accessed pre-configured internet websites through the SGH Citrix servers would be able to access websites other than the pre-configured sites simply by keying in the internet URL in the address bar of the web browser. If such other websites were malicious, it would be possible that malware would be downloaded onto the SGH Citrix server.

b) The SP. server: As mentioned in section 14.7 (pg 70) above, the SP. server was detected trying to connect to a C2 server on 19 July 2018. Investigations revealed that the SP. server was put to two uses: first as an intranet document repository for SGH users, and second as an internet web server hosting SGH websites. Leong Seng was unable to explain why the SP. server was used both as a web server and an intranet server. The placement of the server in the local server zone was also a cause for concern – Leong Seng has clarified that intranet servers should be placed in an internal server zone with no connection to the internet. The implication of this appears to be that if the attacker fully compromised the SP. server, it would have gained a foothold within the local server zone.
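The two concerns in paragraph 248 can be checked against web proxy logs. The following is an added example, not part of the COI report: it flags Citrix-server requests to hosts outside the pre-configured list and any outbound connection from a server that should have no internet egress. The log format, addresses, hostnames and names such as `ALLOWED_HOSTS` are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions (constructed values, not taken from the report).
ALLOWED_HOSTS = {"portal.example.org", "vendor.example.com"}  # pre-configured sites
CITRIX_SOURCES = {"10.1.1.10", "10.1.1.11"}                   # Citrix servers
NO_EGRESS_SOURCES = {"10.2.0.5"}                              # intranet-only servers

# Constructed proxy log: "<timestamp> <source-ip> <method> <target>"
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.1.1.10 GET https://portal.example.org/login
2024-01-01T09:00:07 10.1.1.10 GET https://PORTAL.example.org./help
2024-01-01T09:01:12 10.1.1.11 GET http://portal.example.org.files.example.net/a.exe
2024-01-01T09:02:30 10.1.1.11 GET https://portal.example.org@198.51.100.7/
2024-01-01T09:03:00 10.2.0.5 CONNECT 203.0.113.9:443
2024-01-01T09:04:00 10.3.0.9 GET https://news.example.net/
"""


def target_host(target):
    """Return the normalised host the request actually goes to."""
    if "://" not in target:          # CONNECT targets are bare "host:port"
        target = "//" + target
    # .hostname lowercases and drops any "user@" prefix, so a look-alike
    # such as "allowed.site@other-host" resolves to other-host.
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")          # a trailing dot names the same host


def audit(log_text):
    """Return (timestamp, source, host, reason) for each policy violation."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed lines
        ts, src, _method, target = parts
        host = target_host(target)
        if src in NO_EGRESS_SOURCES:
            findings.append((ts, src, host, "egress from no-internet zone"))
        elif src in CITRIX_SOURCES and host not in ALLOWED_HOSTS:
            # Exact match only: suffix or substring matching would accept
            # "portal.example.org.files.example.net".
            findings.append((ts, src, host, "site outside pre-configured list"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```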



COI Report – Part III
Page 85 of 425

249. The background relating to the formulation of the healthcare sector’s internet access strategy and the steps taken towards its implementation will be discussed in greater detail in section 48.1 (pg 390) below. For present purposes, it is sufficient to note the following:

a) The security risks arising from internet-connectivity in the SingHealth network were raised by CSA to MOH from as early as August 2015;

b) By June 2017, the healthcare sector had determined, among other things, that (i) internet access would be removed for staff that did not require the internet for work, and (ii) for staff that required the internet for work, access would be through a secure internet access platform which, at that time, was to take the form of a remote browser.

c) When the Cyber Attack occurred, the remote browser solution was not yet rolled out. IHiS was on the cusp of awarding the tender for the remote browser solution in July 2018 when the Cyber Attack occurred, and the award of the tender was consequently put on hold.
250. Thus, at the time of the Cyber Attack, while an internet access strategy to reduce and mitigate the risks posed by internet connectivity in the SingHealth IT network had been formulated, it had not been implemented.
