SingHealth cyberattack: Internet surfing delinked at all public healthcare clusters

SingHealth cyberattack: Internet surfing delinked at all public healthcare clusters

Temporary Internet Surfing Separation (ISS) - one of the measures used to step up security following the cyberattack on SingHealth's IT system - has been implemented at the National Healthcare Group (NHG) and National University Health System (NUHS), the health ministry said in a press release on Monday (Jul 23). Chan Luo Er with the details.

SINGAPORE: Temporary Internet Surfing Separation (ISS) - one of the measures used to step up security following the cyberattack on SingHealth's IT system - has been implemented at the National Healthcare Group (NHG) and National University Health System (NUHS), the health ministry said in a press release on Monday (Jul 23).

This follows the implementation of ISS at SingHealth on Friday, which was in response to the major unprecedented cyberattack on its IT system, in which Prime Minister Lee Hsien Loong was a target.

With NHG and NUHS both adopting the safeguard measure, all public healthcare clusters are now delinked from Internet surfing.

"The decision to impose ISS is part of the effort of the public healthcare family to strengthen its IT systems against evolving cyber security threats, and more importantly, to safeguard the confidentiality of our patients’ data," said the Ministry of Health (MOH).

"We would like to assure all patients that their safety and care are our priority, and we will work to ensure that these are not compromised as a result of the implementation of ISS and various security measures," it added.

In addition to ISS, other measures that have been put in place to improve IT security include additional controls on workstations and servers, reset of user and systems accounts, and the installation of additional system monitoring controls on IT systems, according to MOH's release.

The move comes after an unprecedented cyberattack at SingHealth, which saw 1.5 million patients' records accessed and copied. Of those patients, 160,000 had their outpatient dispensed medicines' records taken. 

The news of the cyberattack was announced on Jul 20.

EXPECT DELAYS SAYS MOH

MOH also cautioned that during this period, patients may experience longer waiting times for consultations, test results and delays in checking their Medisave accounts or making claims, MOH said.

This is because public healthcare institutions rely on accessing other systems through the Internet to deliver multiple services, including the reading of diagnostic reports from laboratories, submission and retrieval of results from screening databases, and birth and death registrations.

As such, some public healthcare institutions, including the polyclinics and community hospitals, will be affected.

As an interim alternative, departments that require Internet access will have to share separate workstations for connection to the Internet.

NHG said in response to queries from Channel NewsAsia that Internet surfing has been delinked for all corporate-issued devices.

Staff, however, are still able to use the Internet in the office via NHG Internet-enabled, standalone laptops. These laptops, which are not linked to the corporate network system, are distributed to departments that need to access information for work via the Internet, it said.

"There will be initial inconvenience to patients, staff and the public during this period. We seek everyone's patience and kind understanding should they experience some delays or inconvenience," said Mr Ho Khai Leng, Group Chief Information Officer, NHG.

LONGER TURNAROUND TIMES

For NUHS and its hospitals, some of the financial assistance and routine claims for bills that are done on websites will now have to be prioritised, planned and scheduled to be done in batches, which may result in a longer turnaround time, a spokesperson told Channel NewsAsia. 

"There are some vendor managed systems that depend on Internet access and some modifications to workflow will have to be implemented," the spokesperson said in response to queries. 

NUHS is also working with partners to boost the bandwidth and coverage of Wireless@SG at its premises.

NUHS also said that most of its IT systems run off the corporate network and was not affected by the Internet separation. These include their major clinical systems and applications such as electronic health records and patient care services situated within its intranet. 

READ: SingHealth cyberattack: What you need to know

"There will be some inconvenience for patients and healthcare staff, as a result of the unavailability of some IT system connections that require the Internet," MOH said.

"We seek the understanding of patients and the public as our teams work through the issues that arise on the ground," the ministry added. 

Senior Minister of State for Health Lam Pin Min visited Tan Tock Seng Hospital on Monday to observe the operational impact of ISS on the ground and said that he was happy to note that patient care was not affected.

In a Facebook post, he said: "TTSH staff are taking the various inconveniences and administrative challenges in their stride while interim alternatives are being deployed."

READ: SingHealth will notify patients affected by cyberattack; Government to order Committee of Inquiry

SingHealth has also contacted patients who visited SingHealth's specialist outpatient clinics and polyclinics between May 1, 2015, and Jul 4 this year to inform them if their data was affected.

More than 700,000 patients had received SMS notifications from the healthcare group as of Saturday.

SingHealth cyberattack: Who's affected 2

Source: CNA/na

Bookmark