Average Number of Cyberattacks on Public Healthcare Institutions Annually

27 Mr Melvin Yong Yik Chye asked the Minister for Health (a) over the past five years, what is the average number of cyberattacks faced by our public healthcare institutions annually; (b) what safeguards are put in place to protect such critical systems; and (c) what allowed the cyberattack on 1 November 2023 to succeed in bringing a seven-hour disruption to the websites of several public healthcare institutions.

Mr Ong Ye Kung: Synapxe receives and blocks an average of 3,000 malicious emails per day and 1.7 million attempts to bypass Internet-facing firewalls per month.

Critical Information Infrastructure in the healthcare sector are regulated under the Cybersecurity Act. We adopt a layered Defence-In-Depth approach to safeguard our systems. In addition, we have an Advanced Security Operations Centre with detection and response capabilities; incident response processes calibrated against actual security incidents; and aligned to the National Cybersecurity Incident Response Framework. More than 10 cybersecurity table-top exercises have also been conducted in the last five years.

The Internet connectivity disruption for public healthcare institutions on 1 November 2023 was triggered by abnormal spikes in Internet traffic, also known as a Distributed Denial-of-Service (DDoS) attack. The abnormal traffic circumvented the anti-DDoS blocking services and overwhelmed the firewall. This caused the firewall to filter out the traffic, as well as other services requiring Internet connectivity, including websites and Internet-reliant services, which became inaccessible.

Since the disruption, Synapxe has enhanced its anti-DDoS measures. The public healthcare sector will take this opportunity to learn from the episode, review its defences against DDoS attacks and improve its incident response and recovery time.