MilikMilik

A Major Hospital Ran on Windows XP and Crashed for 33 Hours: What It Means for Your Health Data

When a Flagship ‘Paperless’ Hospital Went Dark for 33 Hours

Ampang Hospital, once promoted as a fully computerised, paperless tertiary centre, recently experienced a 33-hour IT outage when its electronic Hospital Information System (eHIS) collapsed. Doctors reported that the system failed at 9 a.m. one day and only returned around 6 p.m. the next, disrupting blood test results, prescriptions, admissions and discharges. A corrupt file affecting seven core modules crippled the legacy platform, which has reportedly not been upgraded since the facility opened in 2007. Clinicians were forced back to manual workflows, writing records on paper and postponing specialist clinic appointments because key information—past medical history, medication lists and imaging—remained trapped in the offline system. Behind the scenes, staff struggled with ageing hardware, including laptops that frequently fail and desktop machines still running Windows XP and Windows 7 with Internet Explorer, long after official support ended. The outage was the largest yet, following more than ten failures in the previous year.

Why Hospital IT Outages Directly Impact Your Care

Modern hospitals depend on tightly integrated electronic health records, order entry and imaging systems. Platforms like eHIS handle registration, triage, lab orders, blood results, medication prescribing, X-ray viewing and billing. When those systems crash, clinicians lose instant access to vital information: allergy lists, recent lab trends, chemotherapy doses, or discharge summaries. In Ampang Hospital’s case, staff used a backup paper-based procedure, but this could not restore historical data or imaging, slowing treatment decisions and forcing delays in specialist clinics. Manual transcription also introduces risks of misreading handwriting, duplicating tests, or omitting key history. For patients, system downtime can mean waiting longer for diagnosis, postponed procedures, or errors in medication charts. The outage highlights how electronic health records are not just administrative tools; they are the central nervous system of clinical care. When that nervous system fails, the entire organisation’s ability to deliver safe, timely treatment is compromised.

Windows XP Security, Ransomware and Healthcare Cyber Risk

Running a hospital on Windows XP and Internet Explorer is more than an inconvenience; it is a security liability. Microsoft ended support for Windows XP in 2014 and retired Internet Explorer in 2022, meaning no new security patches for newly discovered vulnerabilities. Unsupported operating systems are prime targets for ransomware and other cyberattacks that can encrypt or exfiltrate electronic health records. Once malware penetrates such an environment, it can move rapidly across outdated machines, taking down critical systems from lab platforms to radiology archives. Beyond service disruption, this raises the spectre of data breaches: exposure of diagnoses, genetic information, insurance details and identification numbers. Ampang Hospital’s repeated eHIS failures may not yet be linked to cybercrime, but they reveal a broader healthcare cyber risk: technical debt in public and private providers that run critical infrastructure on obsolete software. In a sector where downtime can cost lives, treating cybersecurity as optional is no longer tenable.

A Global Technical Debt Problem in Healthcare

The issues seen at Ampang Hospital echo a global pattern: early ‘model IT hospitals’ that digitised aggressively now struggle with ageing systems, unpatched software and insufficient hardware refresh cycles. Over time, constrained budgets, complex procurement and competing clinical priorities create technical debt—systems that are too old to support modern security or interoperability, yet too embedded to replace easily. Staff report broken keyboards, non-functional ward-round trolleys, and too few laptops to share among multiple patient cubicles, forcing them to print electronic records and reintroduce paper waste. This pattern is not confined to a single institution; many public and private hospitals worldwide face similar challenges in their core hospital IT infrastructure. Without continuous investment in upgrades, training and maintenance, flagship systems become fragile bottlenecks. When technical debt accumulates in healthcare, the cost is not just efficiency; it is delayed treatment, compromised safety and erosion of public trust in digital health initiatives.

What Patients Can Ask—and How Hospitals Can Modernise Safely

Patients cannot audit hospital networks, but they can ask informed questions. During registration or follow-up, you can inquire whether your provider uses electronic health records, whether you can access your records online, and what happens if systems go down—are there clear backup procedures to maintain continuity of care? You can also ask how your data are protected and whether multi-factor authentication and audit logs are in place. For regulators and hospital administrators, priorities should include phased migration away from obsolete systems like Windows XP, adopting cloud-based health record platforms where appropriate, and ensuring redundancy so that critical services can fail over without interrupting care. Regular penetration testing, disaster recovery drills and hardware refresh plans should be standard, not optional extras. Modernisation must be gradual and carefully staged to avoid new downtime, but the Ampang Hospital incident shows that postponing upgrades indefinitely only shifts risk onto patients’ safety and privacy.
