SINGAPORE: The Ministry of Health (MOH) is studying and piloting a virtual browser solution for public healthcare IT systems, which will reduce the number of potential attack points, Health Minister Gan Kim Yong said in Parliament on Monday (Aug 6).
“This enables users to access the Internet more safely via a set of quarantined servers,” Mr Gan said in a ministerial statement. He was responding to questions related to the SingHealth cyberattack last month from members including chairman of the government parliamentary committee of health Dr Chia Shi Lu.
AdvertisementThe cyberattack resulted in the personal particulars of 1.5 million SingHealth patients including Prime Minister Lee Hsien Loong being accessed and copied. Of this, 160,000 also had information on their outpatient dispensed medicines accessed. However, no phone numbers, passwords or credit card information were accessed.
He added that an ongoing pilot on virtual browser was scheduled to be completed by September this year. Mr Gan said the virtual browser solution is an alternative approach to achieve similar protection as internet surfing separation (ISS), while minimising the impact on operations and patients.
Mr Gan said the virtual browser solution will be complemented by the deployment of Advanced Threat Protection (ATP), which will provide further defence against advanced cyberattacks.
The deployment of ATP had been initiated before the SingHealth incident and is expected to be completed by end of this month, he added.
AdvertisementAdvertisement“Nevertheless, given the urgency of the matter, we went ahead to implement ISS, albeit as a temporary measure,” he said.
ISS was implemented for SingHealth since July 19, and National University Health System and National Healthcare Group have done so since July 23, he said.
“Many healthcare systems in other countries have found it difficult to implement ISS for practical and operational reasons,” he said, adding that healthcare systems, such as Hong Kong’s Hospital Authority and Kaiser Permanante have not adopted full ISS.
Imposing ISS will limit avenues for attackers to enter and exit the healthcare clusters’ IT systems, he said, while acknowledging that ISS has “created some inconveniences and operational challenges for healthcare workers and patients”.
Areas that have been affected include reading of diagnostic reports from laboratories, video consultation and assessment of suspected stroke patients at the emergency department. Waiting times for consultation may also be longer as doctors may need to access references on the internet through a separate computer.
There remain some issues not yet fully resolved, Mr Gan said, such as referrals to private sector partners, and submission and retrieval of results from screening systems.
He said these do not compromise patient care and safety, but affect the efficiency of our healthcare delivery.
“As a result of the security measures, some patients may experience a longer wait for consultations and receive their test results, as well as delays in checking their MediSave accounts or making their claims. The productivity and efficiency of our services may also be affected in some cases,” the minister added.
To mitigate the challenges on the ground and allow the healthcare institutions to continue to operate safely, Mr Gan said engineers in the healthcare sector worked overnight and through the weekend to put in place temporary work-around solutions.
Let's block ads! (Why?)
More...