SINGAPORE: An hours-long disruption that affected the websites of Singapore’s public healthcare institutions on Wednesday (Nov 1) was caused by a distributed denial-of-service (DDoS) attack.
In a statement on Friday, Singapore health tech agency Synapxe said investigations showed that attackers flooded servers with internet traffic to prevent legitimate users from accessing online services.
“The DDoS attacks are continuing, and we may see occasional disruptions in internet services as a result,” said the agency, adding that there was no evidence to indicate that public healthcare data and internal networks have been compromised.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt online services or sites by overwhelming the target with unusually high volumes of data traffic.
Synapxe, whose website was also down on Wednesday, supports the operations of 46 public healthcare institutions. These include acute hospitals and polyclinics, as well as around 1,400 community partners such as nursing homes and general practitioners.
The websites of Singapore General Hospital, National University Hospital and Tan Tock Seng Hospital were among those affected, as was that of the Agency for Integrated Care (AIC).
DISRUPTION
On Wednesday, internet connectivity at public healthcare institutions was disrupted between 9.20am and 4.30pm, with most of the affected services restored by 5.15pm.
During the disruption, services that required internet connectivity at the institutions, including websites, emails and productivity tools for staff, were inaccessible.
“Throughout the incident, Synapxe was able to sustain the mission-critical systems needed for clinical services and operations at the public healthcare institutions, including access to patient records.
“Patient data and the internal networks remained accessible and unaffected. Patient care was not compromised.”
Synapxe’s networks are protected in a “layered defence” designed to detect and respond to cyber threats, including DDoS attacks, it said.
“Our systems are also designed with redundancies for resilience, and these include system backups,” it added.
“To minimise the risks of being overwhelmed by higher-than-usual internet traffic, Synapxe subscribes to services which block abnormal surges in internet traffic before they enter our public healthcare network.”
Additionally, once internet traffic is cleared by the blocking service, firewalls are in place to allow only legitimate traffic into the network, said the agency.
Synapxe detected an abnormal surge in network traffic at 9.15am. The surge had circumvented the blocking service and overwhelmed the agency’s firewall behind the blocks.
This triggered the firewall to filter out the traffic, and all the websites and internet-reliant services became inaccessible.
“Once the cause was identified, Synapxe immediately worked with service providers to deploy measures to block the abnormal traffic in order to allow legitimate traffic required for internet services to resume.”
Services were restored progressively from 4.30pm.
What is a DDoS attack?
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt an online service or site by flooding it with unusually high volumes of data traffic. It is one of the most common types of cyberattacks.
Since web servers can only handle a certain number of requests at once due to bandwidth constraints, DDoS attacks overwhelm the web server with many bogus simultaneous requests, leaving it unable to process legitimate ones.
Customers and users who try to access targeted services will typically be met with an error message or be unable to load the content.
The Cyber Security Agency said on its website that such attacks can be carried out by computers that have been compromised by “cyber attackers”. The ensuing service outage may then cause organisations to suffer financial losses, operational disruption or reputational damage.
In October 2023, Internet companies Google, Amazon and Cloudflare reported a battle with the internet’s largest-known denial of service attack. These attacks were capable of generating hundreds of millions of requests per second, according to the tech firms.
Singapore telco StarHub also suffered a DDoS attack in 2016, involving compromised devices such as webcams and routers. CSA and the Infocomm Media Development Authority said at the time that any internet-connected device, from Wi-Fi routers to printers to CCTVs, can inadvertently be part of a network of “bots” that can be activated to attack other systems.
HEALTHCARE DATA AND INTERNAL NETWORKS NOT COMPROMISED
Synapxe said the measures that were put in place to protect its systems have enabled it to withstand the attacks with “no compromise” to healthcare data and internal networks.
“The incident is a stark reminder that DDoS attacks are on the rise, with changing attack methods. DDoS attacks cannot be prevented, and the defences against DDoS attacks will have to constantly evolve to keep up with advancements,” said the health tech agency.
Synapxe said that it is working with other parties to actively defend against the attacks, as well as expedite the recovery process. Investigations by Synapxe and the Cyber Security Agency (CSA) are ongoing.
The public healthcare sector will also take this opportunity to review its defences against DDoS attacks and further strengthen its cybersecurity, said the agency.
“It is important that we continue to remain vigilant against cybersecurity threats,” added Synapxe.