SingHealth cyberattack: Pause lifted on new ICT systems

SingHealth cyberattack: Pause lifted on new ICT systems

A pause on new information and communications technology (ICT) systems that was put in place following a cyberattack on SingHealth's system has been lifted, two agencies said on Friday (Aug 3). 

SINGAPORE: A pause on new information and communications technology (ICT) systems that was put in place following a cyberattack on SingHealth's system has been lifted, two agencies said on Friday (Aug 3).

The Smart Nation and Digital Government Group (SNDGG) has completed its review of cybersecurity policies and will implement additional measures for critical government systems to detect threats, it said in a joint statement with the Cyber Security Agency of Singapore (CSA).

The pause was put in place after the most serious breach of personal data in Singapore's history took place in June, with 1.5 million SingHealth patients' records accessed and copied, including Prime Minister Lee Hsien Loong's

Health Minister Gan Kim Yong had apologised for the attack, which he called unprecedented. 

READ: If they were looking to embarrass me, they would've been disappointed – PM Lee on SingHealth cyberattackers

CSA has also instructed the 11 Critical Information Infrastructure (CII) sectors to increase security by taking additional measures. 

These measures including removing all connections to unsecured external networks, mediating open connections through unidirectional gateways – which allow data to travel only in one direction – and implementing a secured informational gateway, if two-way communication between a secured network and an unsecured external network is required. 

READ: Did authorities respond fast enough to Singapore’s worst personal data breach?

The Government, which is one of the 11 CII sectors, has implemented such measures over the last three years. 

For example, the work computers of all 143,000 public officers do not have Internet access. Officers are only able to use the Internet on mobile devices or computers not connected to the internal network. They are also barred from using unauthorised USB drives.

However, the agencies also warned it is not possible to completely eliminate the risk of cybersecurity attacks. 

"We will not allow such incidents to hold us back in building a Smart Nation and Digital Government," the statement said. 

"We need to persist in our efforts to harness the potential of the digital age, while building deeper expertise in cybersecurity so that we can do so confidently."

Source: CNA/ng(cy)

Bookmark