Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

15.6 Coding vulnerability in the SCM application
254. CSA’s analysis of the SCM application showed that there were signs of insecure coding practices, giving rise to a vulnerability that was likely exploited by the attacker to obtain the credentials to the A.A. account.
255. Sometime in September 2014, a then-employee of IHiS, Zhao Hainan (“Zhao”), discovered a method of exploiting the vulnerability. Zhao informed his immediate superior, Angela Chen (“Angela”), about some of his findings on or about 15 September 2014. There is some inconsistency in the evidence as to the specifics of what Zhao told Angela. It is however clear that Zhao did not inform Angela about the technical details of his findings, or the precise fact that credentials could be obtained.



COI Report – Part III
Page 87 of 425

256. Angela also gave evidence that she asked Zhao to log a case with Allscripts, but she did not follow up with him on whether he had in fact done so. Zhao’s evidence is that Angela had asked him to provide feedback to the architecture team, but he did not know who she meant by this. More pertinently, Zhao did in fact know that he could log a case with Allscripts, but presumed that Allscripts “(would) not realise the importance of all this”, and thus did not log a case with Allscripts.
257. Zhao’s actions must be viewed in context of his other action of independently sending an email to Epic Systems Corporation (“Epic”), a competitor of Allscripts, on 17 September 2014. The subject of the email was “Allscripts Sunrise Clinical Products can be hacked easily”, and the email read:

“Dear Epic, There’s a loophole in Allscripts Sunrise Clinical Manager products, where user can gain admin control of the whole database easily. The user can be just a medical student, nurse, pharmacist. This lies in their architecture of the product. Note the market share of Sunrise Clinical Manager in US hospitals, this could lead to a serious medical data leak, or even a national security threat. As a competitor, I am not sure whether you can leverage on this to gain more market share. Contact me if you guys are interested. Regards, HZ”
258. On 18 September 2014, David Chambers, who is in charge of Allscripts’ businesses in Asia, wrote to Dr Chong Yoke Sin (“Dr Chong”), the CEO of IHiS at the time, informing her of Zhao’s email, and impressing that Allscripts was “treating this as a very serious matter”.
259. Dr Chong tasked Foong Lai Choo (the then-Director of the Core Apps 1 Department, which Zhao was part of) (“Lai Choo”) and Kua Cheong Kee Clarence (the Applications Service Lead for SingHealth systems, including the SCM system) (“Clarence”) to verify whether Zhao was in fact the one who sent