MOH to test virtual browser for healthcare staff Internet access
As the Ministry of Health (MOH) tests a virtual browser at the National University Health System (NUHS), all other public healthcare staff will remain cut off from the Internet.
If the virtual browser is found to be effective, MOH will look to implement a tiered model of Internet access, Health Minister Gan Kim Yong said in a statement yesterday.
Under this model, Internet surfing separation (ISS) will likely remain for the majority of healthcare staff.
For those who need access to intranet systems and the Internet on the same device, the virtual browser may be the best solution, Mr Gan said.
Temporary ISS was implemented across the public healthcare sector after the attack on SingHealth's patient database last June, as suspicious activity was found even after initial containment actions were taken.
But it has posed challenges in patient care and caused delays to frontline patient management and backend administrative tasks, Mr Gan said.
A virtual browser, which the ministry had been experimenting with before the SingHealth breach, allows access to the Internet through strictly controlled and monitored client servers, said Mr Gan, who likened it to a decontamination room.
An earlier trial showed it is technically feasible.
For the six-month NUHS pilot, which starts this quarter, it will be deployed in selected job functions at some departments and clinics, such as frontline pharmacists and emergency department clinicians, to assess its effectiveness in meeting operational and security needs.
"Though such a solution does not fully eliminate cyber security risks, it reduces the attack surface significantly," Mr Gan said.
MOH is also reviewing the National Electronic Health Record (NEHR) system.
It will continue to defer the mandatory requirement for all healthcare institutions to contribute patient data to the NEHR until tests are complete.
A decision on NEHR contributions can be expected by year-end.
Other measures that will be put in place include separating the roles of MOH's chief information security officer and Integrated Health Information Systems' (IHiS) director of cyber security governance, which were previously held by the same person.
IHiS will also be conducting realistic, hands-on simulation training and will start bug bounty and vulnerability disclosure programmes.