Relishing the role of a defender of Singapore’s healthcare sector

As healthcare systems, including patient records, diagnostics and life-saving equipment, become increasingly networked, the sector has become a prime target for cyberattacks, in Singapore and abroad.

In 2017, the WannaCry malware, which infected millions of computers globally, proved catastrophic for the UK’s National Health Service, paralysing computers at state-run medical facilities.

It is little surprise, therefore, that Synapxe’s Cyber Security Office’s Senior Systems Engineer, Muhammad Hafez Bin Ahmad, says he and his team “operate on the frontline during security incidents”.

Hafez, who has been in cybersecurity for nearly a decade, describes his role as a cybersecurity incident responder in simple terms: “I would say that it’s like being a firefighter, but for the tech space – helping to put out fires in an environment that is fast-paced and constantly evolving.”

Speaking to GovInsider, he notes that beyond responding to cyber incidents, his team proactively hunts for systemic vulnerabilities to strengthen public healthcare defences.

As Singapore's national HealthTech agency, Synapxe is responsible for developing and maintaining the technology solutions for the public healthcare system.

“In public healthcare, where every second counts, rapid response and decision-making are critical for maintaining care continuity,” he says, adding that when an incident occurs, patient safety is of paramount importance.

This means ensuring continued care delivery and, if necessary, activating downtime procedures to ensure clinical services continue without disruption, Hafez adds.

Prime target

He notes that the healthcare sector is a prime target of cyber-attacks because it contains high-value patient data, life-critical operations, and has a minimal tolerance for downtime.

“As cyber investigators, we have to be acutely aware of our public healthcare threat landscape coupled with threat intelligence of the evolving tradecraft of the cybercriminals,” he adds.

Hafez shares that his team’s mission is to ensure the effective containment and eradication of cyber incidents, facilitating operational recovery through a systematic and forensically sound approach.

“We identify the blast radius of the incident, ensuring effective containment before eradicating the source of the initial compromise,” he adds.

Hafez adds that the restoration of service is done collaboratively with business users, infrastructure partners and subject matter experts.

“Where necessary, digital forensic investigation may be conducted to examine and analyse how the incident occurred and determine system impact. These findings help to develop security improvements and strengthen defences against future incidents,” he adds.

Protecting patient data

Hafez agrees that patient data is incredibly sensitive and adds, “Data confidentiality weighs on all of us in the healthcare cybersecurity department.”

To subscribe to the GovInsider bulletin, click here. 

“From my team’s perspective, some of the best practices to protect data include implementing the principle of least privilege with robust multi-factor authentication (MFA).

“There should also be a focus on ensuring minimal access rights and strict administrative controls in the day-to-day operations to ensure that only the necessary people who really need to access the data is able to do so,” he says.

In this context, he reiterates that the human factor is important.

Most breaches, Hafez adds, are due to phishing, “so role-specific training, simulated phishing exercises, and prompt reporting mechanisms are essential”.

He notes that Synapxe plays an important role in helping Singapore's public healthcare clusters run these exercises and coordinate response drills.

AI as a tool

On the use of artificial intelligence (AI) in cybersecurity, Hafez says that it can work for both sides, malicious hackers, as well as defenders.

“AI is a tool whose impact depends on how people use it. Under the wrong hands, it can be a tool that increases the speed and scale of attacks, supercharging phishing campaigns, target discovery, and enabling sophisticated deepfakes,” he notes.

From the defence side, Hafez says the tricky part is learning how to integrate these AI tools properly into cyber defence.

“At Synapxe, we are focused on using AI in the right way to safeguard patient data and make sure healthcare services stay secure.

“So far, it has helped raise meaningful alerts, cutting down on false positives, and enabling quicker, more effective recovery,” he adds.

Hafez notes that his team is focused on constantly innovating its approach to deal with the threat of AI.

“We focus on reducing the attack surface through measures like device posture checks and blocking legacy authentication coupled with threat intelligence,” says Hafez.

Additionally, one important thing is learning to spot deepfakes and understanding how to use AI tools safely ourselves, he notes, adding: “It is a learning curve, and we are constantly updating our knowledge.”

Passion for digital forensics

On what excites him the most in his job, Hafez says it is digital forensics.

“I enjoy diving deep into systems to trace how a cyber incident occurred, uncover its origins, and analyse malware behaviour.

“It’s like CSI (crime scene investigation) work, but in the context of cybersecurity, where every finding helps strengthen our defences for the future,” he notes.

Hafez adds that the thrill comes from knowing that every investigation has real-world impact: protecting critical healthcare systems and, ultimately, the people who rely on them.

“This passion for cybersecurity started young, when I was the go-to ‘tech support’ for my family and friends,” he notes fondly.

Hafez adds that he also values the collaborative environment at Synapxe.

“My team is close-knit with strong working relationships. There’s always a lot to learn from each other in this ever-evolving field.”

Hafez’s advice to youngsters considering a cybersecurity career in HealthTech: technical knowledge is only the foundation.