Professional Documents
Culture Documents
Key Lessons From The Public Report of The Committee of Inquiry (Coi) On Singhealth Cyber Attack
Key Lessons From The Public Report of The Committee of Inquiry (Coi) On Singhealth Cyber Attack
February 2019
Table of Contents
1. Introduction 3
3. PwC’s perspectives 6
5. Conclusion 10
2
Introduction
A cyberattack of unprecedented scale and Here is our summary of the key takeaways from
sophistication in Singapore was carried out on the COI’s Report, our perspectives and
Singapore Health Services Private Limited recommendations on the immediate actions that
(SingHealth) in June-July 2018. In what is touted organisations should take to lever up their cyber
as Singapore’s worst ever cyber data breach, defence based on the lessons learnt from the
hackers exfiltrated personal data and medication SingHealth incident.
records of 1.5 million citizens, including that of
Prime Minister Lee Hsien Loong.
3
COI Report on
SingHealth cyberattack
16 Key recommendations
People Process
Enhanced safeguards must be put in place to A robust patch management process must be
protect electronic medical records implemented to address security vulnerabilities
Domain controllers must be better secured A software upgrade policy with focus on security
against attack must be implemented to increase cyber resilience
An internet access strategy that minimises
Partnerships exposure to external threats should be
implemented
Incident response plans must more clearly state
Partnerships between industry and government to
when and how a security incident to be reported
achieve a higher level of collective security
A post-breach independent forensic review of the
network, all endpoints and the Sunrise Clinical
Manager system should be considered
5
PwC’s perspectives
7
Conclusion
Attacks of greater sophistication and by actors with If you have any queries, please do not hesitate
greater resources will happen, or are already on- to call your usual PwC contacts or any of the
going. Singapore’s digitisation efforts through the following PwC subject matter experts:
SMART Nation initiatives will greatly benefit the
population and economy, but will also increase the
Tan Shong Ye
surface area that attackers can target.
Digital Trust Leader
The onus is on leaders of every organisation to be shong.ye.tan@sg.pwc.com
cognisant of the ever-changing cyber threats, take
ownership of the strategy to address the risks and Jimmy Sng
Partner, Cybersecurity
personally lead the effort to protect your
jimmy.sng@sg.pwc.com
organisation.
Freddy Wee
Partner, Cybersecurity and Privacy
freddy.wee@sg.pwc.com
© 2019 PricewaterhouseCoopers Risk Services Pte. Ltd. All rights reserved. PwC refers to the PricewaterhouseCoopers Risk Services Pte. Ltd. member
firm and may sometimes refer to the PwC network. Each member firm is a separate legal entity. This content is for general information purposes only and
should not be used as a substitute for consultation with professional advisors.
10