NMRA #DataScam : Who is the Mastermind?

COLOMBO (News 1st);  Deputy Solicitor General Dileepa Peiris has informed the Colombo Magistrate’s Court that the deletion of data from the National Medicine Regulatory Authority's database could be the result of a conspiracy hatched by the medical mafia that cashes in by importing medicines and medical devices.

The Deputy Solicitor General appearing for the Attorney General made these remarks when the case over the deletion of data from the NMRA's database was taken up today.

Today the Colombo Magistrate's Court lifted the order issued preventing an upgrade on the Lanka Government Cloud server managed by the ICTA.

Courts earlier issued an order preventing an upgrade on the system as the Attorney Generals department argued that key forensic evidence could be lost in the process.

However, this order was lifted today.

Chairman of the Information and Communication Technology Agency (ICTA) Oshada Senanayake said the Lanka Government Cloud has many tenants and the upgrade cannot be stopped based on an incident related to just one single tenant, adding that this issue is between the NMRA and the particular vendor.

The deletion of highly sensitive data from the NMRA's database on the Government cloud was reported on the 9th of July whilst Sri Lanka was in the throes of a COVID-19 wave.

Deputy Solicitor General Dileepa Peiris appearing in Court today noted that the deleted data relates to names of companies that import “medicines and medical devices” to the country, and their inventory.

He told court that the deletion of data from the NMRA database would pave the way for companies that import these drugs & items to dictate prices in the local market according to their whims and fancies.

The Deputy Solicitor General also told the court that Epic Lanka Technologies is responsible for the security of the Database and that it had failed in its duty to do so.

He also apprised court that an extensive investigation was taking place over this matter.

The CEO of Epic Technologies Tharindra Kalpage did not appear in court when the case was taken up today.

The case will be taken up again on the 9th of December.

Did The ICTA, which provided consultancy services for the protection of the NMRA database, include clauses in the agreement for a BACKUP?

How did Epic Technologies enter the data onto a cloud database, WITHOUT a DISASTER RECOVERY SYSTEM?

According to the official website of Epic Lanka Technologies, the National Medicines Regulatory Authority (NMRA) of Sri Lanka partnered with Epic Technology Group, supported by the Information & Communication Technology Agency (ICTA) of Sri Lanka to streamline its operations and services.

Therefore, concerns have been raised as to why the Information & Communication Technology Agency (ICTA) of Sri Lanka is not being held accountable over this process, as it is the ICTA that operates the Lanka Government Cloud.

On the 13th of January 2020, Secretary to the President in a circular to all Secretaries of Ministries and Heads of Government Institutions said that government agencies are implementing IT bases solutions in isolation and were therefore directed to implement ICT/digital solutions under and overall management and supervision of the Information & Communication Technology Agency (ICTA) of Sri Lanka.

The circular makes it clear that ICTA cannot wash its hands off this very serious matter, which ultimately is about the security of sensitive data hosted on the Sri Lankan Government Cloud, a system that should be protected as a matter of National Security.

On the 02nd of March 2021, Secretary to the President in another circular noted that non-compliance of the circular was observed by several state institutions, and explanations were called from officials responsible for disregarding the instructions.

The question that cries out for an answer is this: Doesn't this situation pose a direct threat to DATA maintained by other state bodies within the Sri Lanka Cloud as well?

This is what the Chairman of the NMRA had to say about the Disaster Recovery Process.

"On the 18th of February 2021, a discussion had taken place between the NMRA and the ICTA on the 'Data Infrastructure Upgrade Solution' for the NMRA. The discussion was raised at a board meeting several months later, however, it did not move forward from that point," said Dr. Rasitha Wijewantha.

So according to the Chairman, a Disaster Recovery Plan was not important enough to be discussed and implemented for a system that involved data as important as the nation's approved pharmaceuticals and medical devices.

Isn't this the responsibility of the ICTA, which overlooks and is directly responsible for the Government Cloud?

The Sri Lanka National Cloud isn't just a server sitting somewhere in the backroom of a data center. It is THE national repository for Data that is of national importance. How is it possible that data stored within the security of this system is deleted, and then, NO recovery option is available?

Deputy Solicitor General Dileepa Peiris told the court today that the DataScam could be the result of a conspiracy hatched by the medical mafia.

If it is the result of the Medical Mafia...

WHO IS THE MASTERMIND behind it?