SINGAPORE - Following the 2018 SingHealth data breach, a virtual browser that allows public healthcare workers to surf the Internet safely on their work computers has been rolled out to over 75 per cent of the 60,000 employees in the sector.
The "healthcare virtual browser", which cuts the risk of cyber attacks, is expected to be available to almost all the workers by the end of the year, according to an update by the Integrated Health Information Systems (IHiS) on Tuesday (Nov 2).
This is part of a cyber defence programme rolled out in 2019 by IHiS, which runs the information technology systems of all public healthcare operators here, to shore up the sector's cyber defences.
Dubbed the Cyber Defence Transformation Programme, it came after Singapore's worst data breach in 2018 when 1.5 million SingHealth patients' data, including Prime Minister Lee Hsien Loong's, was stolen.
Then Health Minister Gan Kim Yong likened the browser, which was still being tested at the time, to a decontamination room.
"If we imagine loading a Web page or downloading a file from the Internet to be like receiving a letter, the... server is like a decontamination room, where the letter is opened and only a picture is taken and sent to the recipient," Mr Gan had said.
The virtual browser allows public healthcare workers, including nurses and doctors, to access the Internet using their work computers through strictly controlled and monitored servers.
This minimises the risk of computers downloading and running any malicious files on websites.
Mr Gan had said that the Ministry of Health (MOH) had been experimenting with the browser before the 2018 cyber attack.
Outside of the virtual browser and dedicated zones covered by wireless networks for secure Internet surfing, public healthcare computers and devices are cut off from the Internet.
This measure was implemented across the public healthcare sector following the SingHealth data breach, and is still in place.
Mr Gan had said that the virtual browser could be the best solution for those who need access to intranet systems and the Internet on the same device.
On Tuesday, IHiS said that more than 190 initiatives under the Cyber Defence Transformation Programme have been completed, while another 70 are in progress.
This has tripled the number of cyber-security measures for public healthcare since 2019, said the agency.
"With ever-evolving and increasingly sophisticated cyber threats, we are committed to continuously improve our cyber-security posture," said IHiS chief executive Bruce Liang last month during an annual cyber-security week for public healthcare. "More initiatives are being planned to uplift our cyber-defence capabilities."
Other measures implemented include a revamped policy manual launched in 2019 to guide public healthcare institutions in their management of data, as well as information security issues and risks.
One initiative got all public healthcare workers to use two-factor authentication to log into public healthcare systems.
An Advanced Security Operations Centre was also established to enable the Government to better detect and respond to threats in a timely manner, with more tools to be added progressively, said IHiS.
The agency and MOH now refer to a "cyber risk dashboard" that provides information on the public healthcare sector's cyber-security risks.
Besides stepping up efforts to educate workers on phishing and theft of log-in details, public healthcare institutions have grown their pool of cyber-security talent in the last three years, with people trained in forensic operations, cyber-security policies and regulations, as well as security operations.
