SINGAPORE: The websites of major public hospitals, polyclinics and healthcare clusters in Singapore could not be accessed for more than seven hours on Wednesday after they crashed at about 9.20am.
Access was restored at about 4.30pm but, until then, users were unable to access the websites of Singapore General Hospital, Tan Tock Seng Hospital, National University Hospital, Changi General Hospital, and KK Women’s and Children’s Hospital.
The official sites of Sengkang General Hospital, Khoo Teck Puat Hospital, Ng Teng Fong General Hospital and the Institute of Mental Health were also down, as were the websites of all three public healthcare clusters.
Throughout the disruption, patient records remained accessible and clinical services were unaffected, said some of the hospitals and their IT service provider Synapxe on Facebook.
Synapxe added in an 11.09pm Facebook post that it has “found no evidence to indicate that our data and internal networks have been compromised”.
Treatment of hospital patients went on with little interruption, said a junior doctor at a public hospital who declined to be named.
“I barely noticed it. It was just a regular day for me,” he said.
Attempts to access the portals were met with a message saying that data was not loaded.
In response to queries, a SingHealth spokesman said at 3.30pm: “There is currently an Internet access disruption affecting all public healthcare clusters. Services requiring Internet applications like websites are inaccessible. For appointments and billing services, patients can use the Health Buddy app.”
When contacted, a National University Health System (NUHS) spokesperson said on Wednesday night that it was alerted to the disruption in the morning.
The spokesperson added: “Services requiring Internet applications, such as our contact centre, websites, emails and some features of the OneNUHS app were temporarily unavailable. Our patients could still manage their appointments via the OneNUHS app.
“Affected services are gradually being restored, and the majority are now available. These include the contact centre and emails.”
Both SingHealth and NUHS said their clinical services were unaffected by the outage, and both are working with Synapxe on the issue.
In its late-night Facebook post, Synapxe said investigations into the outage are ongoing.
Services requiring Internet connectivity at public healthcare institutions, including websites, emails, and a few Internet-facing applications, became inaccessible at about 9.20am, it added.
Internet connectivity was progressively restored from 4.30pm, with most affected services restored by 5.15pm, Synapxe said.
“Clinical services and operations at the public healthcare institutions, such as access to patient records and appointment systems, remained accessible and unaffected throughout the disruption, and patient care had not been compromised,” it added.
Singapore has three healthcare clusters that manage all public hospitals and polyclinics.
Singapore Health Services, better known as SingHealth, runs the hospitals and polyclinics in the east, while NUHS oversees those in the west, and National Healthcare Group manages those in the central region.
The HealthHub website and private hospital websites in Singapore appeared unaffected.
Kevin Reed, chief information security officer of cyber security firm Acronis, said checks of the websites that were down showed they shared similar IP addresses, which suggests they were hosted on the same server.
He said: “This is a worrying sign because all websites use the same location to keep them running, and they could all go down at the same time, and be unable to provide web services to users.”
He added that the web outage did not cause doctors to lose access to patient information and allowed clinical services to proceed as usual – a healthy sign that the data was kept separate from the hospitals’ private data.
“Like the DBS Bank outage, this event falls to a similar question, which is, whose responsibility is it when a service is down? The hospitals rely on third-party providers, which seem to not have done their job.”
He added: “We all remember the SingHealth data leak from 2018, so it is understandable why people are cautious.”
DBS suffered a 12-hour outage on Oct 14, affecting digital services and automated teller machines. The outage happened because of a technical issue with the cooling system of its data centre.
In the SingHealth data leak in 2018, which was described then as a “deliberate, targeted and well-planned cyber attack”, hackers stole the personal particulars of 1.5 million patients.
Of these, 160,000 people, including Prime Minister Lee Hsien Loong and a few ministers, had their outpatient prescriptions stolen as well.
In the aftermath, Integrated Health Information Systems – Synapxe’s predecessor – was fined S$750,000 (RM2.61mil), while SingHealth was fined S$250,000 (RM870,368) for the data breach.
A Committee of Inquiry on the incident made 16 recommendations to better protect SingHealth’s database, among other goals. – The Straits Times (Singapore)/Asia News Network