COI Report – Part V
Page 197 of 425
exfiltrated; (b) around 160,000 patients had their dispensed medical records accessed and (c) around 1.5 million patients had their demographic data accessed.
629. At the meeting on 14 July 2018 at 4:00 pm, CSA informed SingHealth that no patient data had been overwritten or changed. With this key piece of information, SingHealth further shaped its plan for patient outreach and communications. At this same meeting, it was agreed that there was a need to make a public announcement, but the timing of the announcement was in issue.
630. Eventually, 20 July 2018 was scheduled as the date for the public announcement, to ensure that there was sufficient time for proper containment of the Cyber Attack. As it turned out, the attempted callbacks from the SP. server to the C server on 19 July 2018 indicated that the attacker could still be in the system, and led to the implementation of internet surfing separation at am on 20 July 2018. The public announcement of the Cyber Attack was made later that same day at around pm.
33.2 Patient outreach and communications
631. Prof. Kenneth took direct charge of patient outreach and communication efforts for SingHealth, in close consultation with Prof. Ivy. Upon receiving more complete information about the attack, SingHealth began making detailed plans on how to contact patients, which patients to contact, and how to prioritise the contacts.
33.2.1
Identifying the patients who should be contacted
632. On 18 July 2018, IHiS informed SingHealth that the attack only affected patients who visited SingHealth institutions from 1 May 2015 to 4 July 2018.
SingHealth decided to expand the date range and reach out to patients who had visited SingHealth insitutions from 1 January 2015 to 4 July 2018, on the basis that patients might recall the year they had visited the institutions but might not be sure of which month they had visited. Further, drugs may sometimes be logged
|
