COI Report – Part II
Page
17 of
425 7 THE SUNRISE CLINICAL MANAGER SYSTEM 7.1 Overview of the SCM system 42. The crown jewels
8
of the SingHealth network are patient
electronic medical records, contained in the SingHealth Sunrise Clinical Manager (“
SCM”) database. The SingHealth SCM database was the target of the Cyber Attack.
43.
SingHealth uses SCM, an electronic medical records software solution from Allscripts Healthcare Solutions, Inc (“
Allscripts”), a US. company whose products and solutions are used by healthcare institutions around the world. The
SCM
integrates inpatient, emergency and ambulatory care through a single enterprise-wide electronic medical record. This enables physicians, nurses, and other clinicians to access real-time patient data.
44. The SCM system is vital to SingHealth’s operations and is extensively used in day-to-day care delivery.
45. The SCM system was identified as a CII system within the healthcare sector and also as a mission-critical system for SingHealth.
7.2 The SingHealth SCM database 46. The SingHealth SCM database that was illegally accessed contains the following information a) Patient demographic data Crown jewels refers to an organisation’s mission-critical information assets –
which could include content, customer data, product designs or other business-critical intellectual property, which would cause major business impact if compromised.
Source Mark Lobel, “Cybersecurity: keeping the crown jewels safe online is everyone’s business, Feb 2015
)
COI Report – Part II
Page
18 of
425 (b) Clinical episode information (
e.g. A&E, inpatient, outpatient c) Orders (
e.g. laboratory, radiology, cardiology,
medication, nursing d) Results (
e.g. of diagnostic tests and orders e) Clinical documentation (
e.g. from doctors, nurses, rehabilitation f) Vital signs (
e.g. blood pressure, pulse g) Medical alerts and allergies h) Diagnosis and health issues i) Vaccination details j) Discharge summaries k) Medical certificates and l) Outpatient medication dispensed (with associated patient demographics.
47. As at July 2018, the SCM database contained patient data belonging to over 5.01 million unique patients. The data that was illegally accessed belonged to almost 1.5 million unique patients.
Share with your friends: 
