Internet separation on public healthcare computers could have disrupted cyber attack: DPM Teo Chee Hean

Deputy Prime Minister Teo Chee Hean said much was being done to prevent a future cyber attack, but emphasised that Singapore cannot let the incident derail its Smart Nation push.
Deputy Prime Minister Teo Chee Hean said much was being done to prevent a future cyber attack, but emphasised that Singapore cannot let the incident derail its Smart Nation push.ST PHOTO: ARIFFIN JAMAR

SINGAPORE - Internet surfing separation could and should have been implemented for computers in the public healthcare sector, just as it had been done for the public sector, said Deputy Prime Minister Teo Chee Hean in the wake of the cyber attack on SingHealth.

This would have gone some way in preventing the massive data breach announced last week, he added, saying that the attackers had gained entry into the SingHealth system through one of the front-end computers connected to the Internet used by "thousands of users in the medical and academic community".

The hackers eventually made off with the personal information of more than 1.5 million patients in the worst cyber attack here.

Of these, 160,000 people, including Prime Minister Lee Hsien Loong and a few ministers, had their outpatient prescription information stolen as well.

Speaking at the Public Service Engineering Conference 2018 at Resorts World Sentosa on Tuesday morning (July 24), Mr Teo said much was being done to prevent a future attack, but emphasised that Singapore cannot let the incident derail its Smart Nation push.

"We should not allow this incident to hold us back in building a Smart Nation and a digital government. We need to persist with our efforts to harness the potential of the digital age while building deeper expertise in our cyber security... to do so confidently," said Mr Teo, who is also the Coordinating Minister for National Security.

Commenting on the lessons learnt so far, he added that the incident had exposed weaknesses in the end-user workstations of the public health sector.

 
 
 
 

He noted that the computers in the public healthcare clusters have since been delinked from the Internet, a move which he said would have disrupted the chain of cyber attack. The Health Ministry, announcing the temporary delinking on Monday, did not say when it would end.

The "sophisticated and persistent" intruder had also circumvented security barriers at the intermediate layer, which manages and screens requests to the database for information, said Mr Teo.

He added that solutions are being implemented to address these weaknesses.

The case has also shone a spotlight on the prompt reporting of such incidents to the cyber security authorities so that investigations can be carried out, he said, adding that SingHealth's IT operators had been able to discover the intrusion attempt and report it in a timely manner.

He pointed out how in other jurisdictions, there had been instances where system operators were unaware of the intrusions and the loss of large amounts of data until the data was published online or offered for sale on the dark Web.

But Mr Teo said: "Of course, we are studying to see how this could have been detected and reported more quickly, preventing such a large data loss."

He added that addressing the issue goes beyond implementing technical solutions, and also involves "addressing public concerns and confidence, communicating and explaining to the public and our own users as transparently as possible".

To this end, a Committee of Inquiry has been appointed to look thoroughly into all aspects of the cyber attack, Mr Teo said.