SINGAPORE – Internet surfing separation could and should have been implemented for computers in the public healthcare sector, just as it had been done for the public sector, said Deputy Prime Minister Teo Chee Hean in the wake of the cyber attack on SingHealth, Singapore’s largest group of healthcare institutions.
This would have gone some way in preventing the massive data breach announced last week, he added, saying that the attackers had gained entry into the SingHealth system through one of the front-end computers connected to the Internet used by “thousands of users in the medical and academic community”. He did not give the location of the computer that was breached.
The hackers eventually made off with the personal information of more than 1.5 million patients in Singapore’s worst cyber attack. The data theft happened between June 27, 2018, and July 4, 2018.
Of the 1.5 million patients, 160,000 people, including Prime Minister Lee Hsien Loong and a few ministers, had their outpatient prescription information stolen as well.
Speaking at the Public Sector Engineering Conference 2018 at Resorts World Sentosa on Tuesday morning (July 24), Mr Teo said much was being done to prevent a future attack. He emphasised that Singapore cannot let the incident derail its Smart Nation push.
“We should not allow this incident to hold us back in building a Smart Nation and a digital government. We need to persist with our efforts to harness the potential of the digital age while building deeper expertise in our cyber security… to do so confidently,” said Mr Teo, who is also the Coordinating Minister for National Security and Minister-in-charge of the Civil Service.
Commenting on the lessons learnt, he said that the incident had exposed weaknesses in the end-user workstations of the public health sector.
He noted that the computers in the public healthcare clusters have since been delinked from the Internet.
The “sophisticated and persistent” intruder had circumvented security barriers at the intermediate layer, which manages and screens requests to the database for information, said Mr Teo.
He added that solutions are being implemented to address these weaknesses.
The case has shone a spotlight on the importance of prompt reporting of such incidents to cyber security authorities so that investigations can be carried out, he said. SingHealth’s IT operators had been able to discover the intrusion attempt and report it in a timely manner, he added.
He pointed out how in other jurisdictions, there had been instances where system operators were unaware of intrusions and the loss of large amounts of data until the data was published online or offered for sale on the dark Web.
Mr Teo said: “Of course, we are studying to see how this could have been detected and reported more quickly, preventing such a large data loss.”
He added that addressing the issue goes beyond implementing technical solutions. It also involves “addressing public concerns and confidence, communicating and explaining to the public and our own users as transparently as possible”.
To this end, a Committee of Inquiry chaired by retired chief district judge Richard Magnus has been appointed to look thoroughly into all aspects of the cyber attack, Mr Teo said.