SingHealth cyberattack: MOH mulling permanent Internet surfing separation for some parts of healthcare system
SINGAPORE: The Ministry of Health (MOH) is considering making temporary Internet Surfing Separation (ISS)- one of the measures used to step up security following the cyberattack on SingHealth's IT system - permanent for some parts of the public healthcare system.
Health Minister Gan Kim Yong announced the possibility of the change in Parliament on Monday (Aug 6), in a statement addressing questions from members regarding the SingHealth cyberattack last month.
“Although I said ISS was a temporary measure, now that it has been implemented, we will study the impact of ISS on the ground, and determine whether we can keep it as a permanent measure, at least for some parts of our healthcare system,” he said.
He acknowledged however, that the temporary ISS has caused operational issues. Areas that have been affected include reading of diagnostic reports from laboratories and video consultation and assessment of suspected stroke patients at the emergency department, he said. The team continues to be on the ground to resolve the problems that have arisen as a result of the ISS.
He said some issues have not yet been fully resolved, such as referrals to private sector partners, and submission and retrieval of results from screening systems.
He added that waiting times for consultation may also be longer as doctors may need to access references on the internet through a separate computer. Some patients may experience a longer wait for consultations and receive their test results, as well as delays in checking their MediSave accounts or making their claims.
“The productivity and efficiency of our services may also be affected in some areas,” he said.
“We will need to develop longer term mitigation solutions to overcome the operational issues if ISS is to stay,” he added.
He also spoke about the possibility of a virtual browser solution as an alternative to the ISS.
NO RETURN TO DAYS OF PAPER AND PENCIL
Responding to Tanjong Pagar GRC MP Joan Pereira’s question on the SingHealth cyberattack’s impact on the National Electronic Health Record (NEHR) system, Mr Gan assured members that the NEHR is a separate system that was not affected by this cyberattack.
Due to the need for the system to interface with multiple external partners, the NEHR is designed differently from the systems that were infiltrated, he said.
Nevertheless, recognising that the NEHR is an important national system of significant scale, as it will eventually house key medical records for all patients, the system will be put through a “rigorous independent external review” before contribution of electronic health records is made mandatory.
“We have engaged the Cyber Security Agency and PwC Singapore as independent third parties to help identify any vulnerabilities and recommend measures to address them. We must assure ourselves, users and patients that the necessary safeguards are in place, before we proceed with wider implementation of the NEHR,” he said.
He cautioned however that “we should not reverse our direction in the use of technology in healthcare”.
IT systems have allowed the healthcare sector to greatly improve the safety and effectiveness of patient care, he said. He gave an example of an emergency involving an unconscious patient, and how access to his medical history in the NEHR would help doctors prescribe more effective medication and treatment in a timely manner.
When patients receive care beyond the hospital, integration of IT systems allows easier referrals across settings and enables better team-based care and more effective emergency response, he added.
“Digitalisation, technology and use of data in healthcare have brought many benefits to patients. We cannot return to the days of paper and pencil,” he said.