// Adds dimensions UUID, Author and Topic into GA4
Monday, June 8, 2026
26.6 C
Singapore
type here...
Photo: Freepik (for illustration purposes only).
Singapore NewsLaw
1 min.Read

Singapore healthcare service provider & vendor fined $68,000 after patients’ data was found being sold on dark web

Anna Maria Romero
By Anna Maria Romero

SINGAPORE: A data breach in 2020 from a Singapore-based healthcare service provider resulted in patients’ information getting put up for sale the following year in a forum on the dark web.

The company, Fullerton Health Group, and its vendor have been fined $68,000 due to a leak that potentially affected around 150,000 Fullerton Health patients along with its corporate clients’ employees.

Not only was health information compromised, but also identity numbers, telephone numbers, and financial details, including bank account numbers and codes.

The healthcare provider was given a $58,000 fine, and Agape Connecting People Holdings, the social enterprise that aided in making appointments for Fullerton Health’s patients, was fined another $10,000.

Fullerton Health became aware on Oct 15, 2021, that its clients’ data was offered for sale on a forum on the dark web, online spaces that can only be accessed through special software which allows users and operators to be anonymous or untraceable.

The company then engaged the services of cybersecurity consultants, who contacted the alleged data vendor, who said that he took the data from the internet-facing file server of Agape.

According to the Personal Data Protection Commission (PDPC), Fullerton Health worsened the situation by inadvertently disclosing unnecessary sensitive personal data only meant for employees’ internal use on the online drive it shared with Agape, which included codes for surgical procedures carried out in hospitals.

Agape does not need these codes or other shared data.

“These datasets were not required by Agape for the performance of the services, and this inadvertent disclosure ultimately led to a greater loss of personal data during the incident,” said the PDPC.

The PDPC held Fullerton Health responsible for exercising due diligence and reasonable supervision over Agape.

Shortly after Fullerton Health became aware of the breach, the post on the dark web forum was taken down. In the interim, Fullerton Health and Agape informed the PDPC about the data breach. /TISG

2,400 MINDEF, SAF personnel possible data breach victims due to malware incidents

- Advertisement -
Google News Follow Google News WhatsApp Join us on WhatsApp Telegram Follow us on Telegram

Hot this week

Asia This Week

Hong Kong principal dismissed after shouting at guards in Singapore says he’ll pursue legal advice

Update on the Hong Kong principal who was fired after he was caught screaming at security guards during a trip to Singapore says he will pursue his contract rights. He tried to resign with a last d...
Jobs

Salary increase may attract young locals but may not retain them: Bus captains

SINGAPORE: The government recently announced that it will fund a S$450 monthly increase in starting salaries for new Singaporean and permanent resident bus captains from next year in a bid to attra...

Popular Categories

Singapore NewsFeatured NewsSG EconomySingapore PoliticsLifestyleCelebrityInternational
document.addEventListener("DOMContentLoaded", () => { const trigger = document.getElementById("ads-trigger"); if ('IntersectionObserver' in window && trigger) { const observer = new IntersectionObserver((entries, observer) => { entries.forEach(entry => { if (entry.isIntersecting) { lazyLoader(); // You should define lazyLoader() elsewhere or inline here observer.unobserve(entry.target); // Run once } }); }, { rootMargin: '800px', threshold: 0.1 }); observer.observe(trigger); } else { // Fallback setTimeout(lazyLoader, 3000); } });

The Independent SG

Also Visit

Social Media

© The Independent Singapore

// //
Enable Notifications OK No thanks