Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
COI Report – Part IV, Page 106 of 425

298. On 5 June 2018, Kim Chuan, in his capacity as CISO for MOH, presented to the IHiS ARC (Audit and Risk Committee) on the “Cybersecurity Threat Landscape for Public Healthcare”. Pertinently, the following were identified:

a) Remote Access Trojans used for “steal(ing) confidential data from within organisations network through backdoor on compromised PCs” were identified as a threat;

b) “State-backed, highly-skilled cyber hackers who target national Infrastructure and systems for espionage” was identified as one of the profiles of cyber attackers; and

c) IHiS and PHIs would have to remain vigilant against the “potential threat” of “Advanced persistent threats (APT)s, stealth attacks to attack endpoint systems, exfiltrating data and/or facilitating backdoor access”, while also stating that there were no incidents as yet. A slide showing the Anatomy of an APT Attack was also included.

299. It is unfortunate to note that what was described in the 5 June 2018 IHiS ARC meeting as a “potential threat” was already a real and present danger unfolding at the time.

300. The overall picture that emerges from the above facts is that IHiS’ senior management had knowledge of and was alive to the threat of APTs from as early as August 2016, and had some familiarity with the Anatomy of an APT Attack. Senior management of SingHealth and MOHH may also have had some awareness of the threat of APTs based on discussions of the FY and FY CII risk assessments. However, as the Committee’s findings on IHiS’ incident response demonstrate, this knowledge did not effectively percolate down to the IT administrators, security personnel and line management in IHiS. The ATP system was also not yet implemented throughout the Cyber Attack.