SINGAPORE (Nov 5): More details surrounding the SingHealth data breach in June have emerged as the Committee of Inquiry (COI) hearings resumed this past week on the worst such case in Singapore. A main cause of the long lapse between the breach and the alert to the Cyber Security Agency (CSA) of Singapore was the reluctance of Integrated Health Information Systems (IHiS) senior manager Ernest Tan to report the suspicious network activity to his superiors.

When Tan’s subordinates first raised suspicions on June 26 of an account accessing the server, he found it “weird” but “was not concerned”, as he was not convinced that was the case. At the next instance of suspicious activity, in which the attackers entered the Sunrise Clinical Manager (SCM) database, Tan’s subordinates urged him to escalate the matter.

But he chose to try to contain the incident. “I thought to myself: If I report the matter, what do I get? If I report the matter, I will simply get more people chasing me for more updates,” he told the COI on Oct 31.

To continue reading,

Sign in to access this Premium article.

Subscription entitlements:

Less than $9 per month
3 Simultaneous logins across all devices
Unlimited access to latest and premium articles
Bonus unlimited access to online articles and virtual newspaper on The Edge Malaysia (single login)

Stay updated with Singapore corporate news stories for FREE

Follow our Telegram | Facebook