1.7m firewall bypass attempts on S'pore's healthcare IT systems blocked every month: MOH

National healthcare IT provider Synapxe also blocks an average of 3,000 malicious emails daily.

Khine Zin Htet | November 24, 2023, 09:30 AM



National healthcare IT provider Synapxe blocks an average of 3,000 malicious emails daily and 1.7 million attempts to bypass internet-facing firewalls every month, Minister of Health Ong Ye Kung revealed in a parliamentary reply on Nov. 22, 2023.

Singapore's public healthcare institutions experienced a seven-hour internet access disruption on Nov. 1, 2023, with services requiring internet applications like websites being inaccessible.

It affected all public healthcare clusters — SingHealth, the National Healthcare Group and the National University Health System.

Disruption triggered by abnormal spikes in internet traffic

Responding to questions by Members of Parliament (MPs) Pritam Singh, Melvin Yong Yik Chye and Poh Li San about the cyberattack on SingHealth's systems, Ong attributed the internet connectivity disruption to "abnormal spikes in internet traffic", also known as a Distributed Denial-of-Service (DDoS) attack.

The abnormal traffic circumvented the anti-DDoS blocking services and overwhelmed the firewall, he explained.

This caused the firewall to filter out the traffic, and other services requiring internet connectivity, including websites and internet-reliant services, became inaccessible.

No evidence internal systems were compromised

Ong said that national health tech agency Synapxe receives and blocks an average of 3,000 malicious emails per day and 1.7 million attempts to bypass internet-facing firewalls monthly.

Even though the attack on Nov. 1 had caused a seven-hour internet access disruption, Ong said that patient care was not compromised.

Mission critical systems needed for clinical services and operations at the public healthcare institutions, including access to patient records, continued uninterrupted.

He said there was also no evidence to indicate that public healthcare data and internal networks were compromised.

Enhanced measures since disruption

MP Jessica Tan Soon Neo asked if the government had any insight into the motive of the DDoS attack.

Ong replied that those who deploy DDoS have a variety of motives, from hacktivism to petty misdemeanors.

"The defences against DDoS attacks will have to constantly evolve to keep up with developing threats.

The public healthcare sector will take this opportunity to learn from the episode, and review its defences against DDoS attacks, and to improve its incident response and recovery time."

Safeguards to protect S'pore's other critical systems

MP Sylvia Lim also asked for steps to upgrade protections to Singapore’s key civilian services and infrastructure and reduce such disruptions.

Minister for Communications and Information Josephine Teo said in a written reply that the government and system owners will mitigate and manage these risks considering how critical a given system is.

"We allocate more resources to harden the most critical systems and ensure a baseline of measures for all systems," she added.

For instance, she revealed that in 2022, government agencies maintained an availability uptime of at least 99.5% for most of Singapore's 13 critical systems, which is equivalent to less than four hours of unscheduled downtime per system per month.

Sector regulators also impose requirements on service providers in their respective sectors, such as requirements for service availability in the telecommunications, banking and healthcare sectors.

While some disruption might be inevitable, prolonged disruptions should not be the norm, she said.

"In addition to prevention, we must also focus on recovering quickly."

Cyber security agency reviewing measures

Teo said MCI has been reviewing its measures to ensure they remain relevant and fit for purpose.

For example, the Cyber Security Agency (CSA) is reviewing the Cybersecurity Act to look beyond CII and consider other digital infrastructure and services important to the nation, Teo shared.

CSA identifies and regulates Critical Information Infrastructure (CII) necessary to provide essential services in sectors such as government, infocomm, banking and finance, and others.

MCI will provide more details when ready.

Top photo from NUHS