On November 1st, Singapore’s public healthcare institutions faced an extensive disruption. The disruption was not a mere technical glitch but the result of a sophisticated cyber-attack, a Distributed Denial of Service (DDoS) attack, according to Channel NewsAsia.
What is a DDoS attack?
A DDoS attack is a malicious act aimed at disrupting online services by overwhelming the target with an unusually high volume of data traffic. It is a common tactic used by cybercriminals to render websites and online services inaccessible.
The impact of the DDoS attack
The consequences of this DDoS attack were severe, with internet connectivity at public healthcare institutions being disrupted for hours. The disruption, which occurred from 9.20 am to 4.30 pm, affected a wide range of services, including websites, emails, and staff productivity tools.
During the attack, critical services that required internet connectivity were rendered inaccessible. However, it’s worth noting that despite this chaos, patient data and internal networks remained secure, ensuring that patient care was not compromised.
Synapxe’s response and security measures
Synapxe, the agency responsible for managing the technology infrastructure of Singapore’s public healthcare institutions, swiftly responded to the attack. It employs a layered defense mechanism designed to detect and respond to cyber threats, including DDoS attacks.
In addition to a layered defense, Synapxe uses redundancy and system backups to ensure resilience against such attacks. It also subscribes to services that can block abnormal surges in internet traffic before they enter the public healthcare network.
Detecting the abnormal surge in network traffic
The attack commenced at 9.15 am, when Synapxe detected an abnormal surge in network traffic. The surge bypassed the blocking service and overwhelmed the firewall behind it. This triggered the firewall to filter out the traffic, rendering all websites and internet-reliant services inaccessible.
Once the cause of the attack was identified, Synapxe collaborated with service providers to implement measures to block the abnormal traffic, allowing legitimate internet services to resume. Services were progressively restored from 4.30 pm, alleviating the disruption that had persisted for several hours.
Synapxe statement
Investigations on the internet connectivity disruption for public healthcare institutions which happened on 1 November 2023 showed that the outage was caused by a Distributed Denial-of-Service (DDoS) attack, where the attackers flood servers with internet traffic to prevent legitimate users from accessing online services. Synapxe has found no evidence to indicate that public healthcare data and internal networks have been compromised.
2. Internet connectivity at public healthcare institutions was disrupted between 9.20am and 4.30pm on 1 November 2023, with most of the affected services restored by 5.15pm. During the disruption, services requiring internet connectivity at public healthcare institutions, including websites, emails, productivity tools for staff, were inaccessible.
3. Throughout the incident, Synapxe was able to sustain the mission critical systems needed for clinical services and operations at the public healthcare institutions, including access to patient records. Patient data and the internal networks remained accessible and unaffected. Patient care was not compromised.
4. Synapxe’s networks are protected in a layered defence designed to detect and respond to cyber threats, including DDoS attacks. Our systems are also designed with redundancies for resilience, and these include system backups. To minimise the risks of being overwhelmed by higher-than-usual internet traffic, Synapxe subscribes to services which block abnormal surges in internet traffic before they enter our public healthcare network. In addition, once the traffic is cleared by the blocking service, firewalls are in place to allow only legitimate traffic into the network.
5. On 1 November 2023, an abnormal surge in network traffic was detected at 9.15am. This surge circumvented the blocking service, and overwhelmed Synapxe’s firewall behind the blocks. This triggered the firewall to filter out the traffic, and all the websites and internet-reliant services became inaccessible. Once the cause was identified, Synapxe immediately worked with service providers to deploy measures to block the abnormal traffic in order to allow legitimate traffic required for internet services to resume. Services were restored progressively from 4.30pm.
6. The DDoS attacks are continuing, and we may see occasional disruptions in internet services as a result. Synapxe is working with relevant parties to actively defend against the attacks, and expedite the recovery processes. Investigations by Synapxe and the Cyber Security Agency (CSA) are also ongoing.
7. The measures put in place by Synapxe to protect our systems have enabled us to withstand the attacks with no compromise to healthcare data and internal networks.
8. The incident is a stark reminder that DDoS attacks are on the rise, with changing attack methods. DDoS attacks cannot be prevented, and the defences against DDoS attacks will have to constantly evolve to keep up with advancements.
9. The public healthcare sector will take this opportunity to review our defences against DDoS attacks, and learn from the episode to further strengthen our cybersecurity. It is important that we continue to remain vigilant against cybersecurity threats.