The Singapore Government on Thursday released a public report which contained a detailed analysis of the large cyber attack that happened back in August 2017.
In the attack, the patient database of Singapore Health Services Private Limited (SingHealth) was accessed illegally. Private information related to around 1.5 million patients, including the Prime Minister of Singapore, was stolen by the attackers.
Post this year-long investigation, a report published by Committee of Enquiry(COI) had many insights worth learning from.
Key Findings and Recommendations
In the report, the committee mentioned the loopholes found in the patient information system division of SingHealth called Integrated Health Information Systems (IHiS).
Some of the key findings were as follows.
A total of sixteen recommendations were made with seven being labeled as ‘Priority Recommendations’ and nine under ‘Additional Recommendations’. The former part focused on having a rigid cybersecurity structure in both SingHealth and IHiS, while the latter pertained to various concerns such as technical improvements, organizational processes, staff training, and other process-related issues.
Aftermath
The report also mentions actions taken by the IHiS post the hack. A few of them include implementation of Client Advanced Threat Protection (ATP), introducing Information Security standards (ISS), improving organizational processes, and focusing on increased cyber situational awareness. Altogether, IHiS has taken several steps to reinforce their entire ecosystem after the breach.
Publisher