COI Report – Part IV
Page
181 of
425 29 EVENTS OF 10 JULY 2018 29.1 Discovering that the queries did result in data being returned 575. On the morning of 10 July 2018,
members of IHiS management, including Serena, Clarence, Woon Lan, Henry,
Hann Kwang and Teresa met at ConnectionOne to continue their discussion on the events of 4 July 2018. At am, they were joined by Kim Chuan.
576. While discussions were ongoing, Henry decided to run one of the queries to double-check whether any data would be returned from the database. He was shocked to discover that the query did in fact result in data being returned – this was contrary to Kelvin’s earlier representation that no results were returned – and he informed those present at the meeting.
577. Kim Chuan directed the team to ascertain the number of records retrieved from the SQL queries. At the time, the team estimated that there were around
600,000
records retrieved, and they found that the SQL queries could have been run since late June Separately, Kim Chuan was also informed that one of the logins to a Citrix server could be traced to at least one compromised PC in
SingHealth.
37 578. By this point, Kim Chuan “
thought that it could bean APT attack, and that the incident could be categorised as Category 1”.
However, he did not inform CSA of this immediately as the conference call with Bruce and Benedict was scheduled at pm that same day, and Kim Chuan felt that it was important for Bruce to be briefed and be able to assess the situation and facts.
37
Kim Chuan does not state which Citrix server this is, but in the circumstances, this must be a reference to Citrix Server 2.
