SingHealth cyberattack: IHiS announces measures to protect healthcare sector against online threats


SINGAPORE: Singapore’s central IT agency for the healthcare sector – the Integrated Health Information Systems (IHiS) – has announced a slew of measures to strengthen cybersecurity across Singapore’s public healthcare system following the recent SingHealth cyberattack.

In a media release on Thursday (Nov 1), IHiS outlined the measures which include two-factor authentication for local administrators, complex passwords managed centrally as well as added training for the security team to boost their understanding of advanced hacker tools.

It stressed that these measures will help to improve the Singapore healthcare system’s capacity to prevent cyberattacks and strengthen its ability to “detect and respond should an intrusion take place” on its critical systems.

In June this year, 1.5 million SingHealth patients’ records were accessed and copied and 160,000 of them had their outpatient medication data extracted in what was described as the “most serious breach of personal data” in Singapore’s history.

Among those affected was Prime Minister Lee Hsien Loong, with the attackers targeting his personal particulars and information about his outpatient dispensed medicines.

Since September, a Committee of Inquiry has been holding public hearings as it investigates what happened during the data breach.

Meanwhile, IHiS said in its latest media release that it has identified and initiated further measures that are being implemented progressively to enhance its capabilities to prevent, detect and respond to cyber threats.

This includes expediting the planned implementation of Client Advanced Threat Protection (ATP), a security solution which, according to IHiS, blocks threats based on exploit techniques and sophisticated malware used by advanced threat actors.

As of Oct 26, the Client ATP has been deployed on more than 6,000 servers and over 60,000 endpoint devices such as PCs, laptops and others. IHiS said full deployment is expected to be completed by the end of the year.

IHiS added that it had earlier implemented Temporary Internet Surfing Separation (ISS) across the public healthcare sector as a precaution.

This means computers that are connected to the internal networks and systems cannot be used to access the Internet. To access the Internet, healthcare staff will need to use separate terminals which are not connected to internal networks and systems. 

The agency is also studying the possibility of using a virtual browser solution, where staff can only access reproduced content on the web, to minimise the risk of downloading or executing malicious files which may reside on the original sites.

IHiS has also identified and initiated 18 security measures that are being implemented progressively.

To address advanced persistent threats by sophisticated actors, IHiS said it has initiated two-factor authentication for endpoint local administrators who manage end-user devices and installation of software.

“An expanded suite of managed security services will be implemented via the Advanced Security Operations Centre, including proactive threat hunting, threat intelligence, response services, and more,” said IHiS.

Meanwhile, to further prevent the use of weak passwords, IHiS is enhancing the access management capability to manage complex passwords centrally, and automatically update and protect administrator accounts, the agency added. 

“The access management will be boosted with threat analytics to provide earlier detection of suspicious account activities by applying a combination of statistical modelling, machine learning, as well as behaviour analytics to identify unusual activities, and respond faster to threats,” said IHiS.

Additionally, to secure the network against unpatched equipment, the access control will be enhanced to allow only authorised devices that are patched with the updated anti-virus and anti-malware signatures to join the network.

IHiS is also enhancing the security of its Allscripts Sunrise Clinical Manager (SCM) infrastructure to strengthen security and reduce risks for the SingHealth SCM database.

“Database activity monitoring for SCM, which processes an average of 42,000 queries per second, is already in place and is being enhanced with more comprehensive blocks and alerts on execution of bulk queries,” said IHiS. 

As a precaution, IHiS said it will conduct “a comprehensive review of cybersecurity safeguards for key systems including the Electronic Medical Record systems for all public healthcare clusters”.

The National Electronic Health Record system is also being reviewed and tested by GovTech and the Cyber Security Agency of Singapore, as well as by PricewaterhouseCoopers (PwC), an independent IT consultant.

“This will ensure that these systems have adequate and appropriate cybersecurity measures to safeguard patient data,” added IHiS.

Other than infrastructural and software enhancements, IHiS said it has also improved its organisational processes and standard operating procedures (SOPs) to reduce the risks and impact of human errors.

“For example, IHiS has instituted a requirement for suspicious IT incidents to be reported within 24 hours, even if initial investigations cannot determine that they are security incidents. Additional checklists will be progressively put in place to ensure compliance with the SOPs,” it added. 

The agency also highlighted that it has stepped up staff engagement to heighten vigilance against potential threats. This includes increased alerts and reminders to staff, as well as planned roadshows and briefings on cybersecurity.

Training for the security team will also be strengthened to enhance their ability to prevent, detect, and respond to advanced and evolving cyber threats. “This includes understanding advanced hacker tools, techniques and exploits, in-depth intrusion detection and advanced digital forensics,” said IHiS. 

Source: CNA/nc