Healthcare

SingHealth COI Hearing Reveals Management Inaction On Security Loophole Discovered In 2014

25 September - 2 October 2018

The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the management of Integrated Health Information Systems (IHiS) had not acted on addressing an alleged security loophole discovered in the electronic medical records (EMR) system, which could have contributed to the recent cyberattack.
Cyber_News_Healthcare
The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the management of Integrated Health Information Systems (IHiS) had not acted on addressing an alleged security loophole discovered in the electronic medical records (EMR) system, which could have contributed to the recent cyberattack. An IHiS employee had discovered the loophole in the EMR system, which had been supplied by Allscripts Healthcare Solutions. But he emailed the information to Allscript’s rival Epic Systems because he was upset with IHiS and Allscripts for not allowing him to do coding. IHiS fired the employee but no action was taken to investigate and fix the loophole. Additionally, the COI heard that the server accessed by the hackers had missed security updates for more than a year. 

References:
[1] COI examines alleged security ‘loophole’ discovered in 2014 in SingHealth system
[2] COI on SingHealth cyber attack: Server accessed by hackers missed security updates for over a year

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence