Skip to main content



Doctors, medical workers facing brunt of disruption following Internet separation

SINGAPORE — Amid criticism over the delay in implementing Internet separation in the public healthcare sector — which would have prevented the recent SingHealth cyber attack — doctors and other employees told TODAY their routine work has been significantly disrupted after they have had to delink their computers from the Web starting last Friday (July 20).

Doctors and other employees told TODAY their routine work has been significantly disrupted after they have had to delink their computers from the Web starting last Friday (July 20).

Doctors and other employees told TODAY their routine work has been significantly disrupted after they have had to delink their computers from the Web starting last Friday (July 20).

SINGAPORE — Amid criticism over the delay in implementing Internet separation in the public healthcare sector — which would have prevented the recent SingHealth cyber attack — doctors and other employees told TODAY their routine work has been significantly disrupted after they have had to delink their computers from the Web starting last Friday (July 20).

The doctors, who could not be named as they were not authorised to speak to the media, said they have to use their own devices, such as their phones, to access medical information resources on the Internet.

One of them noted that the Internet workstations were not a practical solution, as he would have to leave the room to access the information. While seemingly minor, such an inconvenience could potentially have major consequences if doctors go by their hunches without ascertaining the relevant information, he said.

An allied health professional working at the Singapore General Hospital (SGH) said she has started bringing her personal laptop to work in order to perform her routine tasks, and it is being shared by her colleagues.

Previously, they would use an online portal to submit orders for logistics required for health screenings, for example. Now, they have to do so manually.

Responding to media queries, the Ministry of Health said it has received feedback from the public healthcare clusters of "some disruptions and adjustments" which are needed as a result of the implementation of Internet-surfing separation. "We will work to ensure that patient care and safety are not compromised, and seek the understanding of our patients as we address the issues on the ground," the ministry added.

SingHealth completed its Internet separation last Friday, and the two other public healthcare clusters – National Healthcare Group (NHG), which serves the northern parts of the island, and National University Health System (NUHS), which serves the west – have followed suit.


SingHealth group chief operating officer Tan Jack Thian said there have been "some inconveniences" to patients. It is making adjustments to work processes, and progressively redeploying laptops that can access Internet to the various departments in the next few days, Mr Tan said in response to media queries.

In the interim, tele-health services which require Internet access are temporarily suspended, for example.

For birth registration, parents are requested to register directly with the Immigration and Checkpoints Authority. Next-of-kin who need to register any deaths are referred to the police stations.

Staff also need to use a "separate shared workstation with Internet access" to check a patient's insurance information with insurance companies, in cases of financial counselling for inpatient admission.

"The patient may be requested to complete other processes first, so that they do not have to wait unnecessarily," Mr Tan said. "For example, they may be asked to complete other forms, such as the medical claims authorisation form (to use Medisave to pay for medical treatment)."

At NHG, Group Chief Information Officer Ho Khai Leng said its cashless payment system was initially "temporarily affected", causing inconvenience to patients, but the problem has been rectified.

However, the staff are experiencing some inconvenience in terms of access to medical journals, having to perform manual logging of backend data, and slower WiFi connection, for example.

Mr Ho noted that most of NHG's patient care services reside within its corporate IT network. Internet access for corporate-issued computers and laptops has been delinked since Monday, he added. Staff who require Internet access for their work have to use "dedicated internal reconfigured laptops".

"Patient care and safety remain our priority, and we seek everyone's kind understanding," Mr Ho reiterated.

IT staff have been stationed at all NHG's public institutions to "manage and monitor any issue that may arise". Employees can also call hotlines for assistance.

NUHS said it is seeing “minimal impact” on frontline operations because most of its system applications reside on its intranet. “Laboratory and scan records are also not affected as they are on internal systems. Likewise, our patients can continue to make payment via modes such as NETs and credit cards,” it added.

NUHS staff have been working round the clock to ensure its readiness for Internet separation.  Priority was given to deployment of resources to critical patient care areas as well as frontline patient services, NUHS said. 

Nevertheless, there are some vendor-managed systems that require Internet access. Some of the financial assistance and routine claims for bills which were done via the Internet will now have to be “prioritised, planned and scheduled to be done in batches”, which may result in a longer turnaround time, NUHS said. Resources have been deployed at its various institutions to provide additional IT support for hardware and connectivity issues.

On Tuesday, Deputy Prime Minister Teo Chee Hean said that Internet separation "could and should have" been implemented on the public healthcare systems "just as we have done on our public sector systems".

At the press conference last Friday where the Government made public the cyberattack, Health Minister Gan Kim Yong said the authorities did consider implementing Internet-surfing separation at public healthcare institutions, but they took a "very cautious approach", given the implications for the convenience of patients and healthcare professionals.

Following the cyberattack, he made the decision to impose the separation temporarily, Mr Gan had added.

Hackers stole the data of 1.5 million SingHealth patients and records of the outpatient medication given to Prime Minister Lee Hsien Loong during the cyber attack from June 27 to July 4.

In May last year, the Government had delinked public servants' work computers from the Internet.

Dr Bilveer Singh, who is an adjunct senior fellow at the Centre of Excellence for National Security at the S Rajaratnam School of International Studies, criticised the selective implementation of the Internet separation policy.

"If you have a policy, carry it out through the length and breadth. No use talking after the fact and say 'it should have been'," he said. "I think it is a no brainer issue… there have been attacks for the last 10 years already. (This is) nothing new."

Cyber security expert Eugene Lee pointed out that even without delinking the computers from the Internet, there should be policies and procedures spelling out the dos and don'ts for staff when assessing their personal email via the Internet or downloading files, for example.

Mr Lee, who is the head of business development at cybersecurity firm Connectivity Global, said that based on the publicly available facts about the SingHealth cyber attack, it appeared that the guidelines were "were possibly not well defined".

Nevertheless, Singapore Management University law professor Eugene Tan noted that it is "always easier to be wiser after the fact".

While Internet separation would have reduced the likelihood of a successful attack, it is not a silver bullet, said Assoc Prof Tan. "A determined and sophisticated attacker will find a weak point, he added. "The costs of Internet separation have to be taken into account as well. These include productivity and additional cost of having more hardware, among others."


Cybersecurity experts said there is a high possibility that the hackers in the SingHealth cyber attack had first phished for a username and password to gain initial access to the system.

Nanyang Technological University Associate Professor Anwitaman Datta said phishing was "very likely… the initial attack vector".

Agreeing, Ms Eying Wee of Check Point Software Technologies suggested that this was most likely done via an email which was designed to look legitimate, such as a bill or invoice from a supplier or job application with a resume attachment.

On Tuesday, Deputy Prime Minister Teo Chee Hean noted how the thousands of SingHealth front-end computers connected to the Internet provided a large number of openings that hackers successfully exploited.

Digital forensics specialist Ali Fazeli said that most successful hacks these days tap on "social engineering techniques".

"Hacking does not happen using sophisticated source codes, or finding and exploiting the vulnerabilities. Most hackings happen through weakness in the human being – the user itself," he said.

As the compromised user's account only afforded "outer layer" resources — with limited access privilege to the backend network and servers — the hackers would have to work their way into the "inner network" by circumventing security controls one by one.

The goal would be to gain the right to "query" the database — or in other words, run codes to request for certain data sets — to extract data, before transferring the stolen information to servers outside of Singapore.

Explaining how cyber defences could be set up to alert intruders, Assoc Prof Datta said: "A normal user would query a small volume of data over a period of time, and only at a small frequency. A specific user may not have the right to query certain data. These, among others, can all be used as heuristics to define (what constitutes unusual), that could trigger a red flag."

The experts noted that in the case of the SingHealth cyber attack, the fact that the hackers did not make off with even more sensitive data suggests that some network segregation was in place.

"Hackers seemingly couldn't go where they wanted — payment card data was out of reach, and so, it seems, were details of medical history," said Mr Paul Ducklin, a senior technologist at Sophos.

It was likely that the hackers managed to gain only limited privileges, and not the administrator-level privileges which would have given them access to all the data, he added.


Read more of the latest in



Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.