A distributed denial-of-service attack has been identified as the cause of an online service outage that affected several public healthcare institutions in Singapore. The attacks are continuing, according to national healthtech agency Synapxe, which is responsible for the IT operations that support the country's public healthcare network. This network encompasses 46 public healthcare institutions, such as hospitals and polyclinics, and 1,400 community partners that include nursing homes and general practitioners. Affected institutions included Tan Tock Seng Hospital, Singapore General Hospital, and National University Hospital, and three local public healthcare clusters, including SingHealth and National Healthcare Group. Most affected services were restored by 5.15pm on November 1. Synapxe said there was no evidence to suggest public healthcare data and internal networks had been compromised. It added that mission-critical systems supporting clinical services and operations at the healthcare institutions remained up, including access to patient records and internal networks. The agency said its networks are protected with "a layered defence" that is architected to detect and respond to online threats, including DDoS attacks. "Our systems are also designed with redundancies for resilience and these include system backups. To minimize the risks of being overwhelmed by higher-than-usual internet traffic, Synapxe subscribes to services that block abnormal surges in internet traffic before they enter our public healthcare network," it said. "Once the traffic is cleared by the blocking service, firewalls [also] are in place to allow only legitimate traffic into the network." The DDoS attack had "Overwhelmed" the firewall behind these blocks, which triggered the firewall to filter out the traffic and rendered services that depended on online connectivity inaccessible. Synapxe said it worked with its service providers to roll out measures to block the abnormal traffic, so legitimate requests could come through and affected services were restored progressively. The DDoS attacks are "Continuing", it said, adding that this might mean further occasional disruptions to internet services. "The incident is a stark reminder that DDoS attacks are on the rise, with changing attack methods," Synapxe said. "DDoS attacks cannot be prevented and the defences against DDoS attacks will have to constantly evolve to keep up with advancements." "The public healthcare sector will take this opportunity to review our defences against DDoS attacks and learn from the episode to further strengthen our cybersecurity," it added. Singapore saw one of its most serious data breaches in 2018, which compromised personal data of 1.5 million healthcare patients, including Prime Minister Lee Hsien Loong. Affected users were patients of SingHealth, the country's largest cluster of healthcare institutions. The government agency said 15%, or more than 16,000, of medical devices in local public healthcare institutions have internet connectivity and medical devices increasingly are connected to hospitals and home networks. CSA hopes the expansion of the security labeling scheme to include medical devices will motivate manufacturers to embed security into their product design, and that healthcare operators can make more informed decisions on the use of such devices.
This Cyber News was published on www.zdnet.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000