Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
COI Report – Part III Page 73 of 425

databases). In elaborating on the inefficiencies that may result with having different sets of tools, Lum mentioned that “the database administrator may have to manage different tools and may get confused at which one to launch”, and may end up being blocked by firewalls when attempting to use the wrong tool.

214. As for the custom applications, Lum has clarified that there were a few such custom applications. These applications were developed in-house and were not part of the Allscripts product. From a technical standpoint, the code base of some of these applications was dated, and some time would be required for their compatibility to be assessed before they could be migrated to the H-Cloud servers. While the applications could not have been migrated together with the SCM system in June 2017, there were plans to migrate these applications by September 2018. This was a deadline driven by the end-of-support for the software on the SGH Citrix servers. However, Lum has confirmed that with proper planning and resources, the applications could have been migrated earlier.

215. The Committee also notes that initially, IHiS had informed CSA that the SGH Citrix servers and the network connectivity were maintained to provide backup connectivity to the SCM database. It was however clarified subsequently that this would not be technically possible, as the SGH Citrix servers, without the necessary upgrading, were not compatible with the latest version of the SCM application installed on the H-Cloud Citrix servers. The need for backup connectivity was thus not a reason for maintaining the network connectivity between the SGH Citrix servers and the SCM database.

216. A basic security review of the network architecture and connectivity between the SGH Citrix servers and the SCM database could have shown that the open network connection created a security vulnerability. However, no such review was carried out.
Woon Lan has confirmed that following the migration of the SCM system to H-Cloud, the network architecture of the SGH data centre was not redesigned. Ong has explained that network architecture “is reviewed when there is a major change in infrastructure or needs”, and that “(t)he SCM migration in June 2017 would not have involved a change in infrastructure in the SingHealth Sector”. It is surprising to the Committee why the migration of