Lessons From Seven-Hour Disruption To Websites of Major Public Healthcare Institutions on 1 November

NOTICE PAPER NO. 2379
NOTICE OF QUESTION FOR ORAL ANSWER
FOR THE SITTING OF PARLIAMENT ON 22 NOVEMBER 2023

Name and Constituency of Member of Parliament
Ms Poh Li San
MP for Sembawang GRC

Question No. 5421

To ask the Minister for Health (a) what caused the inaccessibility of the websites of major public hospitals and polyclinics for more than seven hours on 1 November 2023; (b) what was the impact on users of these websites; (c) what lessons were learnt from this disruption; and (d) what measures will be put in place to mitigate the risks and prevent the reoccurrence of similar disruptions.

NOTICE PAPER NO. 2396
NOTICE OF QUESTION FOR ORAL ANSWER
FOR THE SITTING OF PARLIAMENT ON 22 NOVEMBER 2023

Name and Constituency of Member of Parliament
Mr Pritam Singh
MP for Aljunied GRC

Question No. 5424

To ask the Minister for Health (a) what was the cause of the seven-hour disruption to the websites of several public healthcare institutions on 1 November 2023; and (b) what remedial measures have been instituted to mitigate against future disruptions.

NOTICE PAPER NO. 2401
NOTICE OF QUESTION FOR ORAL ANSWER
FOR THE SITTING OF PARLIAMENT ON 22 NOVEMBER 2023

Name and Constituency of Member of Parliament
Ms Jessica Tan Soon Neo
MP for East Coast GRC

Question No. 5449

To ask the Minister for Health (a) whether the Ministry has any insight on the motive of the distributed denial of service attack on 1 November 2023 which caused disruptions to polyclinics and other public healthcare institutions; and (b) what are the implications on healthcare and other services provided by public healthcare institutions as reports indicate that such attacks are likely to continue.

Written Answer

The internet connectivity disruption for public healthcare institutions on 1 November 2023 was triggered by abnormal spikes in internet traffic, also known as a Distributed Denial-of-Service (DDoS) attack. The abnormal traffic circumvented the anti-DDoS blocking services and overwhelmed the firewall. This caused the firewall to filter out the traffic, as well as other services requiring internet connectivity, including websites and internet-reliant services, which became inaccessible. 

Throughout the incident, patient care was not compromised. Mission critical systems needed for clinical services and operations at the public healthcare institutions, including access to patient records, continued uninterrupted. There has been no evidence to indicate that public healthcare data and internal networks have been compromised. 
DDoS attacks are on the rise, with changing attack methods. Those who deploy them have a variety of motives, from hacktivism to petty misdemeanor. The defences against DDoS attacks will have to constantly evolve to keep up with developing threats. The public healthcare sector will take this opportunity to learn from the episode, and review its defences against DDoS attacks, and to improve its incident response and recovery time.