The biggest news last month was the SingHealth cyberattack that took place between end-June and early last month.

The attack target Prime Minister Lee Hsien Loong's health records. Attackers managed to steal non-medical data from 1.5 million patients.

Several questions in Parliament yesterday (Aug 6) were directed at the Ministry of Health about the hack and what is being done. 

Health Minister Gan Kim Yong responded to those questions and Minister for Communications and Information S Iswaran delivered a Ministerial Statement on the attack and the Government's response to it.

1) All S'pore public healthcare clusters are now air-gapped, but it's been really troublesome

Quick clarification: "air-gapping" means to separate computers from the internet, completely — this ensures that there is no way for anyone who shouldn't get access to the system to do so. The government calls this "internet surfing separation".

Gan said he made the tough decision to implement this for SingHealth on the evening of July 19, the day before the attack was announced to the public the next day, because investigators noticed that there was malicious activity happening on the SingHealth data system all the way up till then.

The other two groups, the National University Health System and the National Healthcare Group, cut off their systems from the internet on July 23.

[related_story]

Gan noted that the folks at the Integrated Health Information Systems (the guys who look after the IT systems for the public healthcare sector) were already looking at how possible it would be to air-gap the entire public healthcare sector's data systems before SingHealth's data servers were attacked.

Even looking overseas, they found that in Hong Kong and the U.S., for instance, healthcare systems there aren't completely air-gapped.

One solution: virtual browsers

One thing they're working on implementing is something called a "virtual browser", that allows internet access through a set of quarantined servers — this will be put in place alongside another thing called "Advanced Threat Protection", which provides defence against, well, advanced cyberattacks.

But this will take some time — advanced threat protection was scheduled to be rolled out fully only by the end of this month, while a trial with virtual browsers is only going to conclude next month — so as a stop-gap, Gan made the call to air-gap the system first, with engineers putting in temporary workarounds.

Gan also acknowledges there are still problematic areas that haven't yet been resolved by the workarounds, in particular referrals to private sector partners and the process of retrieving results of tests from the system. These, with all other processes that have been slowed down thanks to air-gapped computers, will affect the efficiency of the systems as a whole.

What this means for you:

Longer waiting time, slower consultations, delays in getting your test results, in checking your Medisave accounts and in making your claims. Gan has also not ruled out keeping some parts of Singapore's public healthcare system air-gapped permanently, but acknowledges more long-term mitigation solutions are needed before this can happen.

2) Why the government took so long before it told the public about the cyberattack

In brief, because there was heck of a lot to go through.

• First, they had to make sure it really was a cyberattack.
• Then, they had to investigate what, whose and how much data was stolen.
• After that, they had to scour the system to make sure no other data was taken or compromised, or destroyed or edited.
• And then they had to check all the other public healthcare and government systems that held data too.

Gan also added this, in response to a follow-up question from Aljunied MP Sylvia Lim:

"... as late as the 19th of July there were still malicious attacks, activities in the data system, and that is why we had to impose ISS on the 19th evening.

So that on the 20th, when we disclosed to the public, we were quite confident that the system had been stabilised and at the same time we have sufficient information to share with the public how the incident happened, what were the data that were compromised, and who were the patients that were affected.

And all these require time to prepare, and therefore it's important for us to ensure that our information given to the public is accurate as far as we are able to ascertain."

3) A bit more about the attackers

Minister S Iswaran said the attack was the work of what is called an Advanced Persistent Threat (APT) group, which:

• Is typically state-linked
• Is a class of sophisticated cyber-attackers, and
• conducts extended, carefully-planned campaigns to steal information or disrupt operations.

He said the way this attack was done fits the profile of certain known APT groups but in the interest of national security, the government isn't going to say who they think did it.

Iswaran notes that APT groups were responsible for the hacking of the U.S. Democratic National Committee in 2016, for instance, as well as the theft of more than 20 million personnel records from the United States Office of Personnel Management in 2014.

APT groups also attacked the National University of Singapore as well as Nanyang Technological University last year.

Investigators from the Cyber Security Agency of Singapore discovered also that the attackers had used customised malware to infect the front-end computer that it used to access the system, while covering their tracks as they went so SingHealth's existing antivirus software and security tools were unable to detect them.

Ultimately, though, both ministers stressed the importance of Singapore continuing on its trajectory toward digitalisation to better our society. Because it doesn't make sense to backtrack just because of attacks on our system. Gan aptly puts it as "digitalisation, technology and use of data in healthcare have brought many benefits to patients.  We cannot return to the days of paper and pencil."

Read more about the other stuff discussed in Parliament:

Top images: screenshots via Parliament videos