SingHealth cyberattack: MOH studying virtual browser solution to better protect public healthcare IT systems
SINGAPORE: The Ministry of Health (MOH) is studying and piloting a virtual browser solution for public healthcare IT systems, which will reduce the number of potential attack points, Health Minister Gan Kim Yong said in Parliament on Monday (Aug 6).
“This enables users to access the Internet more safely via a set of quarantined servers,” Mr Gan said in a ministerial statement. He was responding to questions related to the SingHealth cyberattack last month from members including chairman of the government parliamentary committee of health Dr Chia Shi Lu.
The cyberattack resulted in the personal particulars of 1.5 million SingHealth patients including Prime Minister Lee Hsien Loong being accessed and copied. Of this, 160,000 also had information on their outpatient dispensed medicines accessed. However, no phone numbers, passwords or credit card information were accessed.
He added that an ongoing pilot on virtual browser was scheduled to be completed by September this year.
Mr Gan said the virtual browser solution will be complemented by the deployment of Advanced Threat Protection (ATP), which will provide further defence against advanced cyberattacks.
The deployment of ATP had been initiated before the SingHealth incident and is expected to be completed by end of this month, he added.
“Nevertheless, given the urgency of the matter, we went ahead to implement ISS, albeit as a temporary measure,” he said.
ISS was implemented for SingHealth since July 19, and National University Health System and National Healthcare Group have done so since July 23, he said.
“Many healthcare systems in other countries have found it difficult to implement ISS for practical and operational reasons,” he said, adding that healthcare systems, such as Hong Kong’s Hospital Authority and Kaiser Permanante have not adopted full ISS.
Imposing ISS will limit avenues for attackers to enter and exit the healthcare clusters’ IT systems, he said, while acknowledging that ISS has “created some inconveniences and operational challenges for healthcare workers and patients”.
Areas that have been affected include reading of diagnostic reports from laboratories, video consultation and assessment of suspected stroke patients at the emergency department. Waiting times for consultation may also be longer as doctors may need to access references on the internet through a separate computer.
There remain some issues not yet fully resolved, Mr Gan said, such as referrals to private sector partners, and submission and retrieval of results from screening systems.
He said these do not compromise patient care and safety, but affect the efficiency of our healthcare delivery.
“As a result of the security measures, some patients may experience a longer wait for consultations and receive their test results, as well as delays in checking their MediSave accounts or making their claims. The productivity and efficiency of our services may also be affected in some cases,” the minister added.
To mitigate the challenges on the ground and allow the healthcare institutions to continue to operate safely, Mr Gan said engineers in the healthcare sector worked overnight and through the weekend to put in place temporary work-around solutions.
REASON FOR DELAY IN INFORMING PUBLIC
Workers' Party MP Sylvia Lim asked for the reason behind the delay in informing the public of the cyberattack.
The Government confirmed the attack on July 10, and made a police report two days later. A press conference was held by the Ministries of Health, and Communications and Information on July 20 to disclose the cyberattack.
In response, Mr Gan said that "multiple streams of work"were carrying on at the same during the 10 days. These included protecting the data, tracing to find out how the incident started, identifying the data that was compromised and patients who were affected.
As late as Jul 19, there were still malicious activities in the data system, and later that day, ISS was imposed, he added.
"When we disclosed to the public, we were quite confident that the system has been stabilised and at the same time we have sufficient information to share with the public," he said. This included how the incident happened, what data was compromised, and who the patients were.
"All these required time to prepare and therefore it's important for us to ensure that the information given to the public is accurate as far as we are able to ascertain."
Additional Reporting by Fann Sim