New measures to strengthen public healthcare systems following SingHealth data breach

Integrated Health Information Systems said the new standard operating procedure of reporting suspicious IT incidents within 24 hours, along with 18 other new technical measures, will "reduce the risks and impact of human errors". PHOTO: ST FILE
Irene Tham
Tech Editor
Updated
Nov 01, 2018, 05:59 PM
Published
Nov 01, 2018, 04:00 PM

SINGAPORE - The cyber attack on SingHealth's network in June has prompted a slew of new measures at its IT vendor, including a requirement to report suspicious IT incidents within 24 hours.

In a statement on Thursday (Nov 1), Integrated Health Information Systems (IHiS) - tasked to run the IT systems of all public healthcare operators in Singapore - said the new standard operating procedure, along with 18 other new technical measures, will "reduce the risks and impact of human errors".

Two-factor authentication will also be set up for all administrators who manage about 60,000 endpoint devices such as workstations and laptops across all public hospitals to thwart sophisticated hackers.

This means administrators will need to enter a one-time password generated either by a security token or delivered by SMS to log into systems to reset passwords among other administrative tasks.

IHiS' security operation centre will also have advanced features including proactive threat hunting and intelligence to catch malicious activities that might have evaded detection.

Access control will be enhanced to allow only computers that have the latest anti-virus and anti-malware security updates to plug into hospital networks. Machines that are not adequately protected will need the necessary security updates before they can rejoin the network.

A new database activity monitoring system will also be rolled out to detect suspicious bulk queries to patient databases.

More On This Topic
SingHealth data came under attack before plans to strengthen Internet protocols were put in place

So far, advance malware blocking that identifies threats by their technique has been rolled out across all 6,000 servers and 60,000 endpoint devices.

Temporary Internet surfing separation (ISS) was implemented across all public healthcare institutions following Singapore's worst breach involving the personal data of 1.5 million SingHealth patients.

Studies are under way to keep ISS a permanent measure in some parts of the public healthcare system.

An alternative approach is to use virtual browsers, which enable users to access the Internet safely via a set of quarantined servers, to reduce the number of potential attack points.

The Health Ministry is piloting a virtual browser system, scheduled to be completed by the middle of next year.

Related Stories
SingHealth database hackers have targeted other systems here since at least 2017: Symantec
Data leaks are serious business and other lessons to learn from SingHealth breach
Tiered model of Internet access being considered for public healthcare sector, says Gan Kim Yong
11 critical sectors to shore up defences in response to SingHealth COI report: Iswaran
Singapore's privacy watchdog fines IHiS $750,000 and SingHealth $250,000 for data breach
Organisations must prepare for cyber breaches, as if already under attack: SingHealth COI chair
COI on SingHealth cyber attack: Change the way security incidents are reported, says CSA chief
SingHealth COI: Communication problems hampered data breach response, says expert witness

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top