Recuperating SingHealth’s IT System
On 24 July 2018, OpenGov reported a major data breach in Singapore’s SingHealth database. A month on, we report on what the Ministry of Health is undertaking to bolster itself against future attacks.
Internet Surfing Separation
At the recent parliamentary sitting, the Minister of Health responded to a host of queries from the Cabinet. The queries centred about follow-up action that will be taken and consequences of the cyberattack on healthcare services.
A key initiative launched is temporary Internet Surfing Separation (ISS). ISS is being imposed for all public healthcare clusters. ISS not a new initiative. Since 2016, there have been whole of government efforts to eventually undertake ISS. Under ISS, work computers will not have Internet access. In turn, the chances of sensitive data being exploited are immediately whittled. However, the cyberattack on SingHealth was faster than the rate of ISS implementation for public healthcare services.
The Minister of Health suggested a possibility that ISS could be permanent. A review of on the ground’s happenings will form the litmus test for ISS’ permanency. However, the permanency might only be applicable to only certain sects of the healthcare system. Should ISS become a permanent solution, other long-term mitigation solutions must be developed alongside.
These complementary solutions are necessary because doing work without the Internet is almost unthinkable. The Minister of Health iterated that the Internet is integral in the provision of certain healthcare services. These include information sharing across laboratories, liaising with external vendors, video consultations and keeping accounts.
Not to rest on its own laurels, the Ministry of Health is looking abroad for comprehensive solutions. The Ministry is also seeking alternative solutions which minimise the impact on its operations and patients.
Another possible solution is a virtual browser. Users will access the Internet via set of quarantined servers. This protects users when they go online by reducing the chances of virtual attacks. The virtual browser solution will be accompanied by the Advanced Threat Protection (ATP). The ATP bolsters individuals against more malicious cyberattacks. ATP is currently in the process of development. It is set to be completed by the end of August 2018.
Meanwhile, the virtual browser pilot is scheduled to be completed by September 2018.
Impact on Healthcare Services
The additional safety measures taken have impacted healthcare services. The Minister cited longer waiting times for seeking medical consultation since doctors must access critical information from a separate computer. Even basic services like checking of one’s MediSave (Singapore’s compulsory healthcare insurance) accounts and making claims might be hampered.
Efficiency and productivity must be sacrificed until a formidable solution can be erected. Nevertheless, a return to archaic methods of pen and paper are not feasible in a digital age where technology’s benefits are tremendous.
What to Expect
As promised in the initial wake of the attack, investigations by the Committee of Inquiry led by the Minister for Communications and Information are still ongoing. A report will be drawn up to list full details of the attack and possible recommendations.
On the part of the Ministry of Health, a thorough review of the cybersecurity measures which have been put in place will be reviewed. Areas which require improvement will be identified in cyber threat prevention, detection and response. Third party experts will also be called upon to guarantee a comprehensive cybersecurity solution framework.
The lessons of the attack will not be forgotten. Instead, the Minister issued a clarion call urging the government to remain vigilant. Public servants should raise their awareness of the various sophisticated tools and techniques used to break into sensitive databases. Agility is key in overcoming future threat.
What’s a Rich Text element?
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
Static and dynamic content editing
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
How to customize formatting for each rich text
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.