Is technology threatening Singapore’s healthcare system?

Jeffrey Kok, Senior Director - Asia-Pacific and Japan, Presales

With state-of-the-art infrastructure and a reputation for excellent medical practice, Singapore has a well-deserved reputation for first-class healthcare. Singapore ranks second in the world providing its citizens with quality healthcare and is also a major location for medical tourism in Asia. 

However, Singapore’s healthcare system cannot rest on its laurels. With 610,000 people aged above 65 in 2020, Health Minister Gan Kim Yong has emphasized the need for 30,000 more healthcare workers by 2020, including doctors who specialize in geriatric medicine. To improve productivity and reduce operational costs, the government has eagerly embraced technology to provide innovative solutions to these challenges. 

Telehealth, robotics and more 

The potential applications for the technology include everything from “intelligent” blood-sensitive bandages for dialysis patients to robots that help stroke patients’ exercise or keep dementia patients occupied. In the operating theater, robotic laparoscopic surgery has become relatively commonplace.

The Internet of Things and big data is driving positive disruption worldwide in healthcare and other industries; in Singapore, a few institutions are already examining how mobility might save time, money and trouble for procedures that don’t need an in-person visit. 

Catastrophic risks from security breaches

It all sounds like a brave new world – but there are warning signs on this expressway to digital health management that must not be ignored. 

In last year’s CyberArk Global Advanced Threat Landscape Survey, 61 percent of the survey respondents from United States, Europe (France, Germany, and United Kingdom), Israel and Asia Pacific (Australia, New Zealand, Singapore) revealed that attacks impacting healthcare and hospital services are viewed as potentially the most catastrophic threat. 

The main concern here is the ease with which IoT devices can be hacked. IoT devices are potentially the most vulnerable targets for cyber attackers today, for the very nature of their connectedness, the personal information they store and the general lack of security protocols. 

Passwords on a stick 

IoT devices, like all digital technologies, come with administrative privileges to provide a certain level of security. However, we often overlook the need to change the factory default password on such devices – and default passwords are elementary and easy to hack.  We only need to reference the widespread impact wrought by compromised devices of Starhub customers to see the damage potential for the healthcare industry.

The potential damage from hacked IoT devices includes the loss of personal, private patient data, as well as provide a gateway to the larger hospital system. Certainly, online repositories of data enable nurses and other professionals to easily provide advice remotely, but what if cyber attackers should get access to such data?

What’s more, the survey further revealed that 53 percent of the organizations (across all sectors) surveyed still store privileged and administrative passwords in a Word document or spreadsheet, while 39 percent use a shared server or USB stick.

A further threat is allowing third-party vendors access to internal networks. 

Organizations often overlook remote access controls, leaving an open door into the network. Singapore is the worst performer in this area, with 26 percent of Singaporean enterprises neglecting to secure third-party vendor access and 33 percent not monitoring at all.

The solution – a shared responsibility

Fortunately, there are well-defined steps that organizations can take to manage these risks. 

Allowing IoT devices to communicate openly and freely can no longer continue. While it is the responsibility of the vendors to make securing their devices easy – and industry-enforced standards and regulations may be necessary to enforce these practices, the administrative privilege must be managed by both the customer and vendor. 

Staff training is another critical area. A study by Ponemon Institute recently reported that 56 percent of security practitioners surveyed said company insiders are the primary cause of security breaches – not due to malicious actors, but simply bad security habits.  
The first line of defense against the well-intentioned insider is awareness and training. 

All employees should be educated to understand the risks, organizational policies and the reasons for those policies. 

Privileged accounts are another area of concern. The lack of accountability and protection of privileged accounts is most often exploited by cyber attackers. The benefits of protective controls and detection capabilities on privileged accounts and credentials should not be overlooked, as part of a comprehensive security strategy. 

Finally, consumers too must play their part in a determined and consistent effort to adopt best practices. These include changing default passwords on IoT devices, keeping firmware updated, choosing more secure and supported IoT devices, being aware of phishing attacks and avoiding sharing of private information and passwords. 

One hundred percent cyber security can never be guaranteed, but a serious effort by vendors, healthcare staff, and consumers to improve their security consciousness will go a long way toward protecting the undoubted benefits that technology brings to patients.