SINGAPORE — The seven-hour disruption to the websites of several public healthcare institutions on Wednesday (Nov 1) was due to a cyberattack, where attackers flooded servers with internet traffic, national health technology provider Synapxe said.
The outage was caused by a Distributed Denial-of-Service (DDoS) attack, Synapxe said in a statement on Friday, adding that it has found “no evidence to indicate that public healthcare data and internal networks have been compromised”.
A DDoS attack is when IT equipment such as a computer, router or server is flooded with a sudden and enormous volume of traffic from multiple sources. This prevents legitimate users from accessing online services.
Users had reported errors when trying to access the websites of some public healthcare institutions — such as Singapore General Hospital, National University Hospital and Tan Tock Seng Hospital — from about 9.20am on Wednesday.
Other internet services such as emails and productivity tools for staff members were also inaccessible.
Synapxe supports the operations of 46 public healthcare institutions, including acute hospitals and polyclinics, and around 1,400 community partners such as nursing homes and general practitioners.
“Throughout the incident, Synapxe was able to sustain the mission critical systems needed for clinical services and operations at the public healthcare institutions, including access to patient records,” the technology service provider said.
“Patient data and the internal networks remained accessible and unaffected. Patient care was not compromised.”
Synapxe added that its networks are protected in a “layered defence” to detect and respond to cyber threats such as DDoS attacks, and have redundancies such as system backups.
“To minimise the risks of being overwhelmed by higher-than-usual internet traffic, Synapxe subscribes to services, which block abnormal surges in internet traffic before they enter our public healthcare network,” it said.
“In addition, once the traffic is cleared by the blocking service, firewalls are in place to allow only legitimate traffic into the network.”
However, the surge of traffic from the DDoS attack on Wednesday bypassed the blocking service. As a result, Synapxe’s firewall was overwhelmed as it tried to filter out the traffic, rendering all websites and internet-reliant services inaccessible.
“Once the cause was identified, Synapxe immediately worked with service providers to deploy measures to block the abnormal traffic in order to allow legitimate traffic required for internet services to resume,” it said, adding that services were “restored progressively” from 4.30pm.
It also said that the DDoS attacks are continuing, and there may be occasional disruptions in internet services as a result.
The technology provider is working with relevant parties to defend against these DDoS attacks and speed up the recovery process. Synapxe and the Cyber Security Agency are also investigating the matter.
“The incident is a stark reminder that DDoS attacks are on the rise, with changing attack methods. DDoS attacks cannot be prevented, and the defences against DDoS attacks will have to constantly evolve to keep up with advancements,” Synapxe said.
“The public healthcare sector will take this opportunity to review our defences against DDoS attacks, and learn from the episode to further strengthen our cybersecurity.”
In 2016, DDoS attacks crippled telecommunications provider StarHub’s broadband network twice in three days. The Cyber Security Agency and Infocomm Media Development Authority said at the time that the attacks were caused by subscribers’ infected devices.