COI Report – Part IV
Page
104 of
425 Witness marking Name Designated Role Roles in response to the Cyber Attack SingHealth Senior Management W31
Kwek
Yung
Chiang Kenneth Deputy Group Chief Executive Officer Organisational Transformation and
Informatics),
SingHealth Took direct charge of patient outreach and communications efforts.
18.3 Knowledge of and preparedness against APTs as at June 2018 292. In order to properly assess the incident response, it is necessary to first ascertain the extent of knowledge that IHiS and SingHealth had of APTs at the time of the attack, and who had such knowledge.
293. IHiS has informed the Committee that they were alive to the risk of APTs from as early as August 2016, and had begun sourcing for an Advanced Threat Protection (“
ATP”) solution at around that time to address this threat. Bruce has explained that the deployment of ATP was
originally scheduled for FY, but they faced delays in finding a suitable vendor. Eventually, the vendor was identified in June 2018, but the ATP solution was not yet implemented throughout the period of the Cyber Attack.
294. Towards the end of 2016, the Cluster ISO for SingHealth, Wee, prepared a risk assessment report for the SCM system. This risk assessment report, titled
“
SHS & EHA IT Security Risk Assessment for Critical Information Infrastructure System” (the “
FY16 CII Risk Assessment”) was dated 3 January 2017. The threat of APTs was flagged in two respects a) First, at Item 7, the threat of “
Malware Attacks (Virus, Worms, Trojans, Rookits, Advanced Persistent Threats, etc.)” was
