Studies are under way to keep Internet surfing separation (ISS) a permanent measure in some parts of the public healthcare system following Singapore's worst breach involving the personal data of 1.5 million SingHealth patients, Parliament heard yesterday.
Health Minister Gan Kim Yong and Minister for Communications and Information S. Iswaran took turns to address 19 questions filed by MPs.
Mr Gan said: "We will study the impact of ISS on the ground, and determine whether we can keep it as a permanent measure, at least for some parts of our healthcare system."
After the cyber attack was discovered last month, the Ministry of Health (MOH) implemented ISS - where confidential data systems are separated from the Internet - across all the public healthcare clusters for a limited period.
"We will need to develop longer-term mitigation solutions to overcome the operational issues if ISS is to stay," he added.
Asked by MPs which systems will be affected, Mr Gan said: "Some areas such as emergency departments are more likely to be given certain rights for Internet access."
The reading of diagnostic reports from laboratories, video consultations and assessments of suspected stroke patients at the emergency department were affected after ISS was implemented across the board.
We will need to develop longer-term mitigation solutions to overcome the operational issues if ISS is to stay.
HEALTH MINISTER GAN KIM YONG, on the implementation of Internet surfing separation (ISS).
"Waiting times for consultation may also be longer as doctors may need to access references on the Internet through a separate computer," he said, responding to MPs' questions on operational delays at public hospitals and polyclinics.
Other unresolved efficiency issues include referrals to private sector partners, and submission and retrieval of results from screening systems, said Mr Gan.
As such, many healthcare systems in other places - such as Hong Kong's Hospital Authority and US-based managed care group Kaiser Permanente - have not implemented ISS fully across their operations.
The inconveniences also prompted MOH to look at alternative approaches, such as the use of virtual browsers on quaranti-ned servers to access the Inter-net safely.
MOH is piloting a virtual browser system, scheduled to be completed by the end of next month. Virtual browsers will be deployed together with advanced threat protection technologies to better fend off advanced cyber attacks.
MPs also asked whether malicious malware still lingers in the system, and if more could be done for those whose details were stolen.
While noting that there is no such thing as a foolproof system, Mr Iswaran assured the House that every effort has been made to eliminate any risks.
Mr Iswaran also said that this is a good time to review the use of NRIC numbers as usernames to access e-government and e-banking transactions.
The incident also called into question the security of the National Electronic Health Record (NEHR) system, although it is a separate system that was not affected by the cyber attack on SingHealth.
Mandatory contributions to the NEHR, which enables the sharing of patients' treatment and medical data among hospitals here, have been put on hold pending a cyber-security review by the Cyber Security Agency and professional services firm PwC Singapore.
"We must assure ourselves, users and patients that the necessary safeguards are in place before we proceed with wider implementation of the NEHR," said Mr Gan. "However, we should not reverse our direction in the use of technology in healthcare... We cannot return to the days of paper and pencil."