Public healthcare IT provider to improve systems and processes to better respond to future attacks

SINGAPORE – National healthcare IT provider Synapxe said on Nov 20 that it will step up defences against cyber attacks, after a recent strike downed 

the web services of public hospitals and polyclinics.

Synapxe said it will “strengthen its system design” to make it more resilient against new forms of distributed denial of service (DDoS) attacks in future.

A DDoS attack caused a seven-hour disruption of the web services of public healthcare institutions on Nov 1, the IT provider confirmed after joint investigations with the Cyber Security Agency of Singapore.

In a DDoS attack, attackers flood servers with Internet traffic to prevent users from accessing online services.

“We will also improve our operating processes through a combination of enhanced monitoring, and tighter coordination between identification of the threats and activation of appropriate defensive measures,” Synapxe said.

These changes would allow it to better respond to future attacks, and protect the reliability and accessibility of public healthcare systems, the agency added.

The Straits Times has contacted Synapxe for more information on the changes to its systems and processes.

Previously, Synapxe said it has a “layered defence” designed to detect and respond to cyberthreats, including DDoS attacks. This includes system backups, services that block abnormal surges in Internet traffic before they enter the public healthcare network, and firewalls.

However, an abnormal surge in network traffic – detected at 9.15am on Nov 1 – bypassed the blocking service and overwhelmed Synapxe’s firewall behind the blocks, the IT provider said earlier.

“There is no evidence to indicate that public healthcare data and internal networks had been compromised,” said Synapxe on Nov 20.

Critical systems for clinical services and operations remained accessible and unaffected during the Nov 1 attack, it added, and patient care was not compromised.

Between 9.20am and 4.30pm on Nov 1, public healthcare institutions – such as public hospitals, polyclinics and the Institute of Mental Health –

experienced a total blackout

of all services requiring Internet connectivity, losing access to websites, e-mails and internal productivity tools for staff.

Major hospitals such as Singapore General Hospital, National University Hospital, Khoo Teck Puat Hospital and Changi General Hospital were among the affected institutions.