SINGAPORE – Some “high-risk weaknesses” found during an internal audit in 2016 of the network link between Singapore General Hospital and cloud-based systems that host patient databases were not remedied, a high-level panel looking into SingHealth’s cyber attack heard on Thursday (Nov 1).
While it is not known if SingHealth’s attackers had exploited these weaknesses to access the patient databases, the new evidence pointed to more inadequacies at Integrated Health Information Systems (IHiS), tasked to run the IT systems of all public healthcare operators in Singapore.
Presenting a summary of what was heard privately on Wednesday (Oct 31), Solicitor-General Kwek Mean Luck said on Thursday (Nov 1) that IHiS’ operations team reported to upper management that actions had been taken to plug the flagged vulnerabilities but without anyone verifying that they had been done.
The Cyber Security Agency (CSA) of Singapore spotted the same vulnerabilities – along with others – in its investigations into June’s cyber attack on SingHealth that led to the biggest data breach here. The details of the “high-risk weaknesses” were not shared in open court hearings.
Giving his evidence before the four-member…
