New measures to strengthen public healthcare systems following SingHealth data breach

Integrated Health Information Systems said the new standard operating procedure of reporting suspicious IT incidents within 24 hours, along with 18 other new technical measures, will "reduce the risks and impact of human errors".

SINGAPORE - The cyber attack on SingHealth's network in June has prompted a slew of new measures at its IT vendor, including a requirement to report suspicious IT incidents within 24 hours.

In a statement on Thursday (Nov 1), Integrated Health Information Systems (IHiS) - tasked to run the IT systems of all public healthcare operators in Singapore - said the new standard operating procedure, along with 18 other new technical measures, will "reduce the risks and impact of human errors".

Two-factor authentication will also be set up for all administrators who manage about 60,000 endpoint devices such as workstations and laptops across all public hospitals to thwart sophisticated hackers.

This means administrators will need to enter a one-time password, either generated by a security token or delivered by SMS, to log in to systems to reset passwords, among other administrative tasks.

IHiS' security operation centre will also have advanced features including proactive threat hunting and intelligence to catch malicious activities that might have evaded detection.

Access control will be enhanced to allow only computers that have the latest anti-virus and anti-malware security updates to plug into hospital networks. Machines that are not adequately protected will need the necessary security updates before they can rejoin the network.

A new database activity monitoring system will also be rolled out to detect suspicious bulk queries to patient databases.

So far, advanced malware blocking that identifies threats by their technique has been rolled out across all 6,000 servers and 60,000 endpoint devices.

Temporary Internet surfing separation (ISS) was implemented across all public healthcare institutions following Singapore's worst breach involving the personal data of 1.5 million SingHealth patients.

Studies are under way to keep ISS as a permanent measure in some parts of the public healthcare system.

An alternative approach is to use virtual browsers, which enable users to access the Internet safely via a set of quarantined servers, to reduce the number of potential attack points.

The Health Ministry is piloting a virtual browser system, scheduled to be completed by the middle of next year.