Table of contents exchange of letters with the minister executive summary



Date: 27.11.2023
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 366 of 425

relate to sensitive data and that such solutions do not work well with encrypted data. The MOH family should study the feasibility of implementing data encryption and if such a solution is assessed to be not suitable, then the DLP solution should be implemented.
44.6 Access to sensitive data must be restricted at both the front-end and at the database-level
1064. There is no written policy relating to IHiS’ treatment of access to and monitoring of sensitive EMR. The HITSPS is silent on this issue.
1065. Front-end controls. The SCM application supports the tagging of sensitive data within its system. For these tagged patients, only selected users are allowed access to the medical records. All instances of access to sensitive data are subject to logging and alerts.
1066. The current approach enforces security of sensitive records through a corrective mechanism: authorised persons have almost unrestricted access to the records, but there is a strict ex post facto audit process for inappropriate accesses. This process is purely retrospective, as it occurs after damage may have been incurred. Particularly when an attacker has stolen credentials and is masquerading as an authorised user, an ex post facto audit process would be ineffectual in preventing breaches of sensitive data. Requiring FA to access the EMR, and sensitive medical records in particular, would significantly reduce the risk of such records being compromised.
1067. Database-level controls. During the Cyber Attack, there were no database-level controls that would have restricted the querying of sensitive data using SQL commands. This was a significant omission in the security of the SCM database, and was exploited by the attacker, who ran multiple queries to retrieve medical records of PM Lee.
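The gap between paragraphs 1065 and 1067 can be shown in a small model. This is an added example, not taken from the COI report or from the SCM system: a tag check that lives only in the application is never run for SQL sent directly to the database, whereas a rule enforced by the database still applies. The table and view names, the sample rows and the use of SQLite's authorizer hook as a stand-in for database account permissions are all assumptions.

```python
import sqlite3

BASE, VIEW = "emr_record", "emr_general"  # hypothetical table and view names

def _authorizer(action, table, column, dbname, source):
    # Database-side rule for the ordinary account: read-only, and the base
    # table is reachable only through the view that filters out tagged rows.
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and (table == VIEW or source == VIEW):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def open_db(db_level_control):
    # Constructed sample data; record 2 carries the "sensitive" tag.
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE {BASE} (id INTEGER PRIMARY KEY, patient TEXT,
                             sensitive INTEGER NOT NULL);
        INSERT INTO {BASE} VALUES (1, 'patient-A', 0), (2, 'patient-B', 1),
                                  (3, 'patient-C', 0);
        CREATE VIEW {VIEW} AS
            SELECT id, patient FROM {BASE} WHERE sensitive = 0;
    """)
    if db_level_control:
        conn.set_authorizer(_authorizer)
    return conn

def front_end_lookup(conn, user_cleared, record_id):
    # Front-end control: the tag is checked in application code only.
    row = conn.execute(
        f"SELECT patient, sensitive FROM {BASE} WHERE id = ?", (record_id,)
    ).fetchone()
    if row is None:
        return None
    if row[1] and not user_cleared:
        raise PermissionError("record is tagged sensitive")
    return row[0]

def run_sql(conn, sql):
    # A query sent straight to the database, bypassing the application.
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"blocked: {exc}"

if __name__ == "__main__":
    q = f"SELECT patient FROM {BASE} WHERE sensitive = 1"
    print(run_sql(open_db(False), q))  # the front-end check never runs
    print(run_sql(open_db(True), q))   # refused by the database itself
    print(run_sql(open_db(True), f"SELECT patient FROM {VIEW} ORDER BY id"))
```

On a server database the same rule would normally be expressed as account permissions, granting the ordinary account access to the filtered view and not to the base table.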
1068. Leong Seng testified that a DAM solution, which is currently being tested by IHiS, is capable of monitoring and blocking attempts to access specific


