A Distributed Denial of Service (DDoS) attack has been identified as a cause of a cyber outage affecting several public healthcare institutions in Singapore.
The attacks continue, according to national health technology agency Synapxe, which is responsible for IT operations supporting the country’s public healthcare network. This network includes 46 public health care institutions, such as hospitals and polyclinics, and 1,400 community partners, including nursing homes and general practitioners.
Internet access was lost on November 1 when attackers flooded the affected servers with requests, preventing legitimate users from accessing the websites of several hospitals. Affected institutions included Tan Tock Seng Hospital, Singapore General Hospital, National University Hospital, and three local public healthcare groups, including SingHealth (Singapore Health Services) and National Healthcare Group.
The internet connection was out for a little over seven hours. During this time, services that require communication were not accessible, including email and employee productivity tools. Most affected services had been restored by 5.15pm on 1 November.
Synapxe said there was no evidence to suggest that public healthcare data and internal networks had been compromised. It added that mission-critical systems that support clinical services and operations in healthcare institutions remained in place, including access to patient records and internal networks.
The health technology operator said it detected an abnormal spike in network traffic on the morning of November 1, circumventing the tools it had in place to prevent errant activity.
The agency said its networks are protected by a “multi-layered defense” designed to detect and respond to online threats, including DDoS attacks.
“Our systems are also designed with redundancy for resiliency, and this includes system backups. To reduce the risk of being overwhelmed by higher than normal Internet traffic, Synapxe subscribes to services that block abnormal surges in Internet traffic before it enters our public healthcare network,” it said. “Once traffic is cleared by the blocking service, firewalls [also] exist to allow only legitimate traffic into the network.”
However, the DDoS attack “overwhelmed” the firewall behind the blocking service, causing the firewall to filter out traffic and rendering services that rely on online communication inaccessible.
Synapxe said it has worked with its service providers to roll out measures to block abnormal traffic, so that legitimate requests can be served and affected services can be gradually restored.
DDoS attacks are “continuous,” it said, adding that this could mean more occasional disruptions to internet services.
Its investigation into the incident remains ongoing and is being carried out alongside Singapore’s cybersecurity regulator, the Cyber Security Agency (CSA).
“This incident is a stark reminder that DDoS attacks are on the rise, with attack methods changing,” Synapxe said. “DDoS attacks cannot be prevented and defenses against DDoS attacks must constantly evolve to keep pace.”
It added: “The public healthcare sector will take this opportunity to review our defenses against DDoS attacks and learn from the incident to strengthen our cybersecurity.”
Singapore experienced one of its most serious data breaches in 2018, which left the personal data of 1.5 million healthcare patients at risk, including Prime Minister Lee Hsien Loong. The affected users were patients of SingHealth, the largest group of healthcare institutions in the country.
SingHealth was fined S$250,000 over the incident, while Synapxe (then called Integrated Health Information Systems) was fined S$750,000 for failing to take adequate security measures to protect personal data.
In recent years, Singapore has intensified its efforts to enhance the cyber resilience of its critical information infrastructure, with a focus on operational technology (OT) security. The country has revised its cybersecurity strategy to emphasize OT, providing guidance on the technical skill sets and competencies OT organizations need.
Last month, the CSA took additional steps to expand the National Security Labeling Initiative by including medical devices, launching a sandbox in which manufacturers can test their products. The government agency said 15%, or more than 16,000, of medical devices in local public health care institutions have an Internet connection, and medical devices are increasingly connected to hospital and home networks. This could lead to increased cybersecurity risks, as vulnerabilities in software used for clinical diagnosis could be exploited, for example, to create false diagnoses, the CSA said.
Unsecured medical devices can also be targeted in DoS attacks, thus preventing patients from receiving treatment, it added. The CSA hopes that expanding the security labeling system to include medical devices will incentivize manufacturers to include security in the design of their products, and that healthcare operators will be able to make more informed decisions about the use of these devices. The labeling system includes four ratings, with each level reflecting additional tests against which the product was evaluated.