Cutting Internet access in public healthcare institutions here has caused a variety of difficulties such as longer waiting times for patients, declined productivity and increased staff fatigue, and new cyber-security risks to surface.

The Ministry of Health's (MOH) chief data adviser, Associate Professor James Yip, yesterday outlined these difficulties before a Committee of Inquiry (COI) looking into Singapore's worst cyber attack.

In June, the personal data of 1.5 million SingHealth patients and the outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong, were stolen.

Prof Yip said the Internet is important for MOH to meet its long-term objectives such as promoting health and improving illness prevention, providing care for patients and caregivers, and developing new capabilities to manage costs.

"Any decision on the continuation of ISS (Internet surfing separation) for the entire public healthcare system will need to be viewed in this context," he said.

Temporary ISS was imposed on SingHealth on July 19, followed by the National University Health System (NUHS) and the National Healthcare Group (NHG) on July 22, as a move to safeguard these IT systems and confidential patient data after the cyber attack.

Health Minister Gan Kim Yong told Parliament in August that the Government was studying ways to make ISS a permanent measure in some parts of the public healthcare system, even as he acknowledged the inconveniences such as longer waiting times for consultations.

Since the implementation of the ISS, Prof Yip said the healthcare clusters, which comprise largely hospitals, polyclinics and medical centres, have had problems with patient care.

Healthcare staff have had to take additional steps to book screening appointments and upload test results for patients. These steps include the manual porting of information, causing delays in reporting and creating an additional risk of transcription errors.

Frontline patient administration has been affected too as a result of the temporary ISS.

According to Prof Yip, staff now have to use separate, shared devices to retrieve patient information like insurance details, work permit status and Medisave balances. This increases waiting time for patients.

As a result, hospital staff have to use their personal mobile phones to work, and some hospitals have suspended their policies that disallowed this. Hospitals and clinics have spent "a significant amount of resources" to get more devices for their staff to use, said Prof Yip.

This sharing of multiple devices between staff has increased the time taken to perform tasks, he added. In some healthcare institutions, Prof Yip said staff are working overtime, which has led to an increased sense of fatigue.

The use of separate Internetenabled devices also opens up the system to new cyber-security risks, pointed out Prof Yip.

As these devices are not on the corporate network, they need to be patched manually, which could lead to a delay in the updates. Tasks associated with servicing and maintaining hospital equipment such as diagnostic testing, remote troubleshooting or uploading of maintenance logs are also affected.

In some cases, staff have to physically attend to these devices to update their firmware. He said: "There is also the risk of patches or updates being missed, which could in turn pose cyber-security concerns."

Prof Yip acknowledged that following the SingHealth attack, public healthcare staff have accepted the challenges of temporary ISS, and that patients have accepted poorer service delivery standards, delays and inconveniences.

But the current situation is not sustainable, he added.

"The operational challenges highlighted above will inevitably translate into tangible manpower and financial costs, and reduced employee and patient satisfaction," said Prof Yip.

"Ultimately, healthcare costs for the general Singapore public will rise. Given Singapore's tight manpower constraints, the task of finding enough healthcare workers for the future will become even more challenging."