Operations unaffected at SingHealth clinics after cyber attack and Internet delinking for staff computers

The Specialist Outpatient Clinics at Singapore General Hospital.
The Specialist Outpatient Clinics at Singapore General Hospital.PHOTO: ST FILE

SINGAPORE - A day after news broke on Friday (July 20) about Singapore's worst cyber attack that affected 1.5 million SingHealth patients, operations on the ground at the healthcare group's hospitals, polyclinics and national speciality centres seemed unaffected.

On Thursday midnight, staff at SingHealth's four hospitals, five national speciality centres and eight polyclinics, had their Internet access temporarily delinked as part of efforts to tighten security following the cyber attack which started in June this year.

This means that staff are unable to access the Internet from their work computers, and Health Minister Gan Kim Yong had on Friday said this could lead to slower online payments.

However, patients at the SingHealth clinics that The Straits Times visited on Saturday said they did not notice any difference in the time it took to register or make their payments.

Clerk Chua Siew Kwan, 55, who was at the National Cancer Centre Singapore near Outram Road for a check-up, said there were no problems or long waits for registration and payment.

"No one mentioned (the cyber attack) and we didn't notice anything different," she said in Mandarin.

Her experience was similarly echoed by patients at other SingHealth polyclinics and hospitals.

However, some raised concerns about the data leak.

The information stolen included names, IC numbers, addresses, gender, race and dates of birth, while some 160,000 patients, including Prime Minister Lee Hsien Loong, also had their outpatient prescription information accessed by the hackers.

Childcare teacher Vasantha Raghavan, 52, who was at Bukit Merah Polyclinic, said she was worried about her personal data getting out.

 
 
 

"To have this leaked is an issue of privacy, having someone you don't know looking through your personal and private things," she added.

"With such advanced technology, you don't know what these hackers can use your private and personal information for. I think Singaporeans need to be concerned."

While 58-year-old delivery man Jason Kng said he experienced long queues and waiting time at Bukit Merah Polyclinic, he did not think it was linked to the incident.

However, he added: "SingHealth needs to be responsible for the leak... I'm worried about scammers who can use these details to reach out to us or even use it against us."

Both Mr Kng and Ms Raghavan received SMSes from SingHealth informing them that their personal details had been accessed.

Emeritus Senior Minister Goh Chok Tong also said on Facebook that his non-medical personal particulars had been stolen.

"Cyber theft is a key risk when going digital. But we cannot stop the digital advance and must strive to build the most secure Smart Nation," he wrote in the post on Friday.

In response to queries from ST, SingHealth Group chief executive officer Ivy Ng said the Internet delinking was a necessary move to safeguard patients' data despite inconveniences for the staff.

She added that plans are underway to provide interim alternatives to departments that require Internet access for work, so as to minimise disruptions.

This includes having standalone computers or laptops with Internet connectivity, but do not sit within SingHealth's networks.

She said patient care and safety will not be compromised.

"So far our patients have not reported any issues with services such as appointment booking or payment, but we are monitoring the situation," Prof Ng added.

Staff computers at two public healthcare groups, National Healthcare Group and National University Health System, will follow suit and have their Internet access delinked by early next week.