News analysis
Healthcare institutions’ websites outage did not disrupt critical service but it does shake confidence
Sign up now: Get ST's newsletters delivered to your inbox
People’s trust in the efficiency and high level of security of government IT platforms may be shaken as a result of the outage, says the writer.
ST PHOTO: ALPHONSUS CHERN
Follow topic:
It might have come as a shock that the websites for all public sector healthcare institutions were unavailable
Given today’s high dependency on the Internet, people here expect online access to public sector information to be always available. So the shock is greater when the disruptions did not affect just one institute, but the entire public healthcare system.
Many people questioned why there wasn’t a back-up system. Checks by cyber security experts of the websites that were down showed they shared similar IP addresses, which suggests that the websites of all three public healthcare clusters were hosted on the same server.
People also asked if it was a cyber attack and whether any personal data had been leaked. Most importantly, was patient care derailed as a result of the hours-long disruption?
Fortunately, patient care was not disrupted during Wednesday’s outage. It also appears that no sensitive data was lost.
Synapxe, which manages the tech platforms of national healthcare institutions, allayed fears of a cyber attack late on Wednesday night, saying there was “no evidence to suggest data and internal networks have been compromised”.
If this statement holds true after investigations, then in the overall scheme of things, the disruption was certainly a nuisance, but not really a serious breach.
In healthcare, inability to access cluster websites, and even e-mails, does not affect the core business – that of treating patients. So long as patient care continued unhampered, healthcare providers will not be made to account for the outages in similar ways as banks.
Banking websites are where customers transact to pay for goods and services. That is why the Monetary Authority of Singapore requires banks here to ensure that their critical systems and services can be recovered within four hours following an outage.
Customers rely on lenders’ Internet banking platforms and apps for a wide variety of services. These include bill payments, fund transfers to peers and merchants, investing, and applying for financial products such as credit cards and loans.
Operational disruptions, if not mitigated speedily, may compromise the ability of financial institutions to meet their business obligations. Given that financial institutions are highly interconnected, bank website outages may result in financial and reputational damage, along with inconvenience to customers.
The same is not true of the healthcare system. The cluster websites do serve a purpose, such as allowing patients to check on services available, to request an appointment, or to pay their bills. A few hours’ delay does not do much harm.
Wednesday’s outage is certainly not as serious as the cyber attack on SingHealth’s systems in 2018
But it does bring that incident to mind. And it does raise the question of why such incidents occur, and what else can go wrong.
It’s been more than 24 hours since the disruptions occurred. But Synapxe has yet to explain what went wrong.
Having the websites of nationwide public healthcare institutions go down may not be severe, as critical services were not affected. But people’s trust in the efficiency and high level of security of government IT platforms may be shaken as a result.
That is the real fallout.
