Contact Contact Us

SingHealth COI Hearing Reveals Management Inaction On Security Loophole Discovered In 2014

The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the management of Integrated Health Information Systems (IHiS) had not acted on addressing an alleged security loophole discovered in the electronic medical records (EMR) system, which could have contributed to the recent cyberattack. An IHiS employee had discovered the loophole in the EMR system, which had been supplied by Allscripts Healthcare Solutions. But he emailed the information to Allscript’s rival Epic Systems because he was upset with IHiS and Allscripts for not allowing him to do coding. IHiS fired the employee but no action was taken to investigate and fix the loophole. Additionally, the COI heard that the server accessed by the hackers had missed security updates for more than a year.

[1] COI examines alleged security ‘loophole’ discovered in 2014 in SingHealth system
[2] COI on SingHealth cyber attack: Server accessed by hackers missed security updates for over a year

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883