Home News Another : more than 800,000 blood donors’ personal information leaked online

Another data breach: more than 800,000 blood donors’ personal information leaked online

sorry for vendors' security lapse but assures centralised blood bank system not affected.




- Advertisement -

Singapore – Yet another breach of security occurred when the Health Sciences Authority () was alerted on Mar 13 (Wed) that the personal information of over 800,000 blood donors had been accidentally leaked online.

HSA released a statement on Mar 15 (Fri) regarding the improper handling of confidential information.

The organisation said that one of its vendors, Secur Solutions Group Pte Ltd () “was not adequately safeguarded against access over the internet” causing for the HSA database to be accessed by anyone online.

The vendor, which provides services to HSA, has been working on a database containing personal information of 808,201 of HSA’s blood donors. Information such as the name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height, and weight were compromised.

- Advertisement -

According to the press release, the database contained no other sensitive, medical or contact information.

It was a cybersecurity expert who had first spotted the vulnerability and had immediately alerted the Personal Data Protection Commission. Soon after, HSA and disabled access to the database and a police report was made.

“The expert has confirmed to HSA that he does not intend to disclose the contents of the database,” said HSA. “HSA is in contact with the expert on deleting the information.”

With the ongoing investigation, preliminary findings have shown no other unauthorised access to the database aside from the cybersecurity expert, during its period of vulnerability.

- Advertisement -

Furthermore, HSA explained that the information provided to SSG were for updating and testing purposes only. The vendor placed the data in an “internet-facing server” on January 4, 2019, and “failed to institute adequate safeguards to prevent unauthorised access.”

“It had done so without HSA’s knowledge and approval, and against its contractual obligations with HSA,” added the authority.

CEO of HSA Dr Mimi Choong has extended apologies for the incident, “We sincerely apologise to our blood donors for this lapse by our vendor. We would like to assure donors that HSA’s centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe, and proper use of blood donor information.”

Donors can call the hotline number 62200183 for more information.

- Advertisement -

HSA has also uploaded a letter of apology to their blood donors:

Photo: HSA website screengrab
Follow us on Social Media

Send in your scoops to news@theindependent.sg 

- Advertisement -

Suspected Ang Mo Kio cat-slasher arrested

Singapore – A 37-year-old man has been arrested for his suspected involvement in a series of cat-slashing incidents in Ang Mo Kio. The Animal & Veterinary Service (AVS), an entity under the National Parks Board (NParks), conducted an operation on Tuesday (June...

Circles.Life telco comes under fire for ad that implies hierarchy between Chinese, Malays and Filipinos; company does not apologise

Update In an update, Circles.Life Singapore issued an apology on their Instagram page on Thursday (Jun 10).   View this post on Instagram   A post shared by Circles.Life (@circleslifesg) Delbert Stanley Ty, Head of Marketing also added: “We messed up. We’re sorry. Our posts were tone...

‘Badge Lady’ asks that charges against her be dropped, claims there were ‘errors’ in the investigation

Singapore — Phoon Chiu Yoke, or "Badge Lady" as she is called by netizens, has been released on S$8,000 bail after she was remanded at the Institute of Mental Health (IMH) for two weeks. The 53-year-old was infamously caught on camera refusing...
Follow us on Social Media

Send in your scoops to news@theindependent.sg