Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 354 of 425

44 RECOMMENDATION #9: ENHANCED SAFEGUARDS MUST BE PUT IN PLACE TO PROTECT ELECTRONIC MEDICAL RECORDS
#PREVENTION; DETECTION #GOVERNANCE
1023. EMRs undoubtedly present many benefits. They improve patient care, and coordination of care, through enhanced access to patients' medical information by all members of the healthcare team. The platform chosen for SingHealth to store EMRs was the SCM. The SCM operates like a dashboard, holding information such as patient records, diagnostic data, and medical history. This is very sensitive information. As the Cyber Attack has demonstrated, it is critical to protect the security and confidentiality of such medical records.
1024. The Cyber Attack aside, other recent cyber attacks have seen data breaches grow in size, number, and scope. Whether attacks are against telecommunications, financial services, entertainment, or healthcare institutions, data in respect of millions of users has been compromised. The attackers are no longer going after just credit card information. Attackers are after personally identifiable information (“PII”).
1025. Breaches involving PII and patient data are particularly hazardous to both individuals and organisations. Harm to the individual may include tampering with medical records, identity theft, embarrassment, or blackmail. Harm to the organisation may include a loss of public trust, legal liability, or remediation costs.
1026. Protecting the perimeter proved insufficient against the attacker in this case, and in any event, the threat to EMRs may come from malicious insiders. It is recommended that, network security aside, data-centric security measures must be implemented to:
(a) Ensure the confidentiality [91] and integrity [92] of medical records;
(b) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information; and
(c) Protect against any reasonably anticipated use or disclosure of such information. [93]
