On November 1, major public hospitals, polyclinics, and healthcare clusters in Singapore experienced a significant website outage that lasted over seven hours, starting at 9:20 AM and concluding around 4:30 PM. The disruption affected access to websites like Singapore General Hospital, Tan Tock Seng Hospital, National University Hospital, and several others.
While patients couldn’t access the sites, patient records remained accessible, and clinical services were not disrupted during this period. Investigations are ongoing to determine the root cause of the outage, and cybersecurity experts confirmed that there was no evidence of data compromise.
This incident raises concerns about the shared hosting infrastructure used by the affected websites. Kevin Reed, Chief Information Security Officer of cyber security firm Acronis, noted that similar IP addresses among the websites suggest shared servers, making them vulnerable to collective outages. The outage, much like a previous one affecting DBS Bank, questions the responsibility and reliability of third-party service providers.
Singapore’s healthcare system was cautious due to a previous data breach incident in 2018, when a cyberattack exposed the personal information of 1.5 million patients, prompting significant fines and recommendations for enhanced data protection.
Despite the website disruption, clinical services continued without interruption, highlighting the separation between patient data and the affected websites. Both SingHealth and National University Health System (NUHS) reported that clinical services remained unaffected by the outage. As investigations continue, this incident underscores the importance of maintaining the robustness and reliability of healthcare systems to ensure seamless patient care, data security, and resilience against potential cyber incidents.
References:
