Slew of measures to boost security of public healthcare IT, Latest Singapore News - The New Paper
Slew of measures to boost security of public healthcare IT

IT vendor that runs all systems of public healthcare operators here introduces new procedures after July's massive cyber attack

The cyber attack on SingHealth's network in June has prompted a slew of new measures at its IT vendor, including a requirement to report suspicious IT incidents within 24 hours.

In a statement yesterday, Integrated Health Information Systems (IHiS) - which runs the IT systems of all public healthcare operators here - said the new procedure, along with 18 other new technical measures, will "reduce the risks and impact of human errors".

Its statement comes amid an ongoing Committee of Inquiry (COI) into the cyber attack that led to the biggest data breach here.

Testifying before the COI panel yesterday, IHiS chief executive Bruce Liang said it needs to promote a culture that accepts the reporting of suspicious activities even if they may turn out to be false alarms.

"It is okay to report things you are not sure about," he said, when Solicitor-General Kwek Mean Luck asked what steps he would take to avoid delays in reporting suspicious incidents in the future.

A lack of awareness about the seriousness of the attack and a tardy response by IHiS staff were among the issues highlighted during the COI since it began on Aug 28.

For instance, suspicious network activities were detected as early as June 11, but senior staff failed to alert higher management until July 10.

From June 27 to July 4, hackers made away with SingHealth's "crown jewels": the personal data of 1.5 million patients and the outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong and several ministers.

As at late last month, IHiS has rolled out more sophisticated malware blocking that identifies threats by their techniques across all 6,000 servers and 60,000 endpoint devices in all public healthcare institutions.

More new measures are afoot.

For one, two-factor authentication will be set up for all administrators who manage some 60,000 endpoint devices such as workstations and laptops in public hospitals to thwart sophisticated hackers.

IHiS' security operation centre will also have advanced features including proactive threat hunting and intelligence to catch malicious activities that might have evaded detection.

A database activity monitoring system will also be rolled out to detect suspicious bulk queries to patient databases. IHiS does not have such automation at present even though it handles an average of 42,000 queries per second.

Temporary Internet surfing separation (ISS) was implemented across all public healthcare institutions following June's attack.

Studies are under way to keep ISS as a permanent measure in some parts of the public healthcare system.

An alternative approach is to use virtual browsers that allow users to access the Internet safely via quarantined servers to limit the number of potential attack points.

The Health Ministry is piloting a virtual browser system, scheduled to be completed by the middle of next year, said IHiS.
