COI Report – Part IV
Page
98 of
425 21.1
Discovering failed logins to SCM database from Citrix Server 1 dating back to 24 May 2018 ............................................................................................ 123 Detecting further failed logins to the SCM database from Citrix Server 1 on
12 June 2018 ................................................................................................ 123 Discovering numerous instances of suspicious folders in Citrix Server 1 ... 124 Disabling logins to Citrix Server 1 and informing the CERT and Wee ...... 125 Assessment of IHiS’ incident response on 12 June 2018 ............................ 126
22EVENTS OF 13 JUNE 2018 ............................................................................ 12622.1
Meeting to update Benjamin on the events of 11 and 12 June 2018 and sharing of information with the CERT and Wee ......................................... 126 Followup action in respect of workstations used
in unauthorised logins to Citrix Server 1 .............................................................................................. 127 22.3
Setting-up the TigerConnect chat group ...................................................... 129 Detecting failed logins to the SCM database from Citrix Server 2 ............. 130 Removing the SA. account from the admin group ..................................... 133 Detecting failed logins to the SCM database from Citrix Server 4 ............. 133 Investigations into the account used to login to Citrix Server 4 and resetting the account password ................................................................................... 133 Determining that VM 2 was not a workstation issued by SingHealth ......... 134 Assessment of IHiS’ incident response on 13 June 2018 ............................ 135
Share with your friends: 
