
Cyber Incident Victim: Synapxe

Date:

Nov 2023

Location:

Singapore

Summary

A distributed denial-of-service (DDoS) attack disrupted internet connectivity across public healthcare institutions, rendering websites, staff emails, and productivity tools inaccessible for approximately seven hours. The attack circumvented traffic-blocking services and overwhelmed network firewalls, though critical clinical systems, including patient records, remained operational, with no compromise of healthcare data or internal networks. Services were restored progressively once the organization and its service providers had put measures in place to filter the malicious traffic. DDoS attacks are ongoing and may cause intermittent disruptions, so the organization is working with cybersecurity authorities on active defense measures and reviewing its countermeasures against such evolving threats.


Description

On November 1, 2023, Synapxe, Singapore’s national health technology provider, experienced a Distributed Denial-of-Service (DDoS) attack targeting public healthcare institutions’ internet connectivity. The attack began at approximately 9:15 a.m. when an abnormal surge in network traffic bypassed Synapxe’s traffic-blocking service, overwhelming its firewall infrastructure. This caused widespread disruption to internet-dependent services across 46 public healthcare institutions, including acute hospitals, polyclinics, and approximately 1,400 community partners such as nursing homes and general practitioners. Between 9:20 a.m. and 4:30 p.m., public-facing websites for institutions like Singapore General Hospital, National University Hospital, and Tan Tock Seng Hospital became inaccessible, alongside staff productivity tools, emails, and other internet-reliant systems. Synapxe confirmed the outage stemmed from attackers flooding servers with traffic to prevent legitimate access, though internal clinical systems—including patient records—remained operational due to redundancies and layered defenses. Mission-critical systems supporting clinical services and operations were sustained throughout the incident, ensuring no compromise to patient care or internal networks. Synapxe’s response team identified the attack’s cause and collaborated with service providers to deploy countermeasures, progressively restoring services starting at 4:30 p.m., with full recovery achieved by 5:15 p.m.


Synapxe’s infrastructure included a multi-layered defense strategy designed to detect and mitigate cyber threats like DDoS attacks, incorporating traffic-blocking services to filter abnormal surges before they entered the public healthcare network, followed by firewalls to permit only legitimate traffic. Despite these safeguards, the November 1 attack circumvented the external blocking service, directly targeting the firewall and forcing it to filter excessive traffic, which inadvertently blocked all internet access. Synapxe emphasized no evidence indicated breaches of healthcare data or internal systems, attributing resilience to system redundancies and backups. Following initial containment, Synapxe reported ongoing DDoS attacks, warning of potential intermittent service disruptions as it worked with the Cyber Security Agency (CSA) and other parties to investigate the incident and strengthen defenses. The organization acknowledged the evolving nature of DDoS threats and committed to reviewing its cybersecurity posture, noting such attacks cannot be entirely prevented but require adaptive countermeasures. The incident disrupted non-clinical internet services for seven hours but preserved core healthcare operations, underscoring the separation between public-facing and critical internal networks in maintaining continuity during cyber incidents.
