Measures in place ensured security of healthcare data and internal networks
Investigations on the internet connectivity disruption for public healthcare institutions which happened on 1 November 2023 showed that the outage was caused by a Distributed Denial-of-Service (DDoS) attack, where the attackers flood servers with internet traffic to prevent legitimate users from accessing online services. Synapxe has found no evidence to indicate that public healthcare data and internal networks have been compromised.
2. Internet connectivity at public healthcare institutions was disrupted between 9.20am and 4.30pm on 1 November 2023, with most of the affected services restored by 5.15pm. During the disruption, services requiring internet connectivity at public healthcare institutions, including websites, emails, productivity tools for staff, were inaccessible.
3. Throughout the incident, Synapxe was able to sustain the mission critical systems needed for clinical services and operations at the public healthcare institutions, including access to patient records. Patient data and the internal networks remained accessible and unaffected. Patient care was not compromised.
4. Synapxe’s networks are protected in a layered defence designed to detect and respond to cyber threats, including DDoS attacks. Our systems are also designed with redundancies for resilience, and these include system backups. To minimise the risks of being overwhelmed by higher-than-usual internet traffic, Synapxe subscribes to services which block abnormal surges in internet traffic before they enter our public healthcare network. In addition, once the traffic is cleared by the blocking service, firewalls are in place to allow only legitimate traffic into the network.
5. On 1 November 2023, an abnormal surge in network traffic was detected at 9.15am. This surge circumvented the blocking service, and overwhelmed Synapxe’s firewall behind the blocks. This triggered the firewall to filter out the traffic, and all the websites and internet-reliant services became inaccessible. Once the cause was identified, Synapxe immediately worked with service providers to deploy measures to block the abnormal traffic in order to allow legitimate traffic required for internet services to resume. Services were restored progressively from 4.30pm.
6. The DDoS attacks are continuing, and we may see occasional disruptions in internet services as a result. Synapxe is working with relevant parties to actively defend against the attacks, and expedite the recovery processes. Investigations by Synapxe and the Cyber Security Agency (CSA) are also ongoing.
7. The measures put in place by Synapxe to protect our systems have enabled us to withstand the attacks with no compromise to healthcare data and internal networks.
8. The incident is a stark reminder that DDoS attacks are on the rise, with changing attack methods. DDoS attacks cannot be prevented, and the defences against DDoS attacks will have to constantly evolve to keep up with advancements.
9. The public healthcare sector will take this opportunity to review our defences against DDoS attacks, and learn from the episode to further strengthen our cybersecurity . It is important that we continue to remain vigilant against cybersecurity threats.
