Home News Another data breach: more than 800,000 blood donors’ personal information leaked online

Another data breach: more than 800,000 blood donors’ personal information leaked online

HSA sorry for vendors' security lapse but assures centralised blood bank system not affected.




- Advertisement -

Singapore – Yet another breach of security occurred when the Health Sciences Authority (HSA) was alerted on Mar 13 (Wed) that the personal information of over 800,000 blood donors had been accidentally leaked online.

HSA released a statement on Mar 15 (Fri) regarding the improper handling of confidential information.

The organisation said that one of its vendors, Secur Solutions Group Pte Ltd (SSG) “was not adequately safeguarded against access over the internet” causing for the HSA database to be accessed by anyone online.

The vendor, which provides services to HSA, has been working on a database containing personal information of 808,201 of HSA’s blood donors. Information such as the name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height, and weight were compromised.

- Advertisement -

According to the press release, the database contained no other sensitive, medical or contact information.

It was a cybersecurity expert who had first spotted the vulnerability and had immediately alerted the Personal Data Protection Commission. Soon after, HSA and SSG disabled access to the database and a police report was made.

“The expert has confirmed to HSA that he does not intend to disclose the contents of the database,” said HSA. “HSA is in contact with the expert on deleting the information.”

With the ongoing investigation, preliminary findings have shown no other unauthorised access to the database aside from the cybersecurity expert, during its period of vulnerability.

Furthermore, HSA explained that the information provided to SSG were for updating and testing purposes only. The vendor placed the data in an “internet-facing server” on January 4, 2019, and “failed to institute adequate safeguards to prevent unauthorised access.”

“It had done so without HSA’s knowledge and approval, and against its contractual obligations with HSA,” added the authority.

CEO of HSA Dr Mimi Choong has extended apologies for the incident, “We sincerely apologise to our blood donors for this lapse by our vendor. We would like to assure donors that HSA’s centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe, and proper use of blood donor information.”

Donors can call the hotline number 62200183 for more information.

HSA has also uploaded a letter of apology to their blood donors:

Photo: HSA website screengrab

Send in your scoop to news@theindependent.sg 

- Advertisement -

Mixed reactions to Shanmugam’s promise to install ‘many more’ police cameras across Singapore

Singapore—Home Affairs and Law Minister K Shanmugam said in Parliament on Monday (March 1) that many more cameras will be installed in Singapore in addition to the 90,000 already located in public places such as car parks, neighbourhood centres and Housing...

‘Can we get a breakdown on those numbers?’ asks PSP’s Kumaran Pillai

Singapore — Progress Singapore Party's (PSP) Kumaran Pillai took to Facebook on Monday (Mar 1) to clarify his party's position. He made it clear the PSP did not want to close the Singapore economy but wanted a breakdown of the number...

Father tells daughter $650 monthly allowance is not enough and threatens to sue

  Bullied by her father who wants more money, a woman is asking how much children should give their parents once they start working. The post has gone viral. It was submitted to the anonymous confessions platform, the NUSwhispers Facebook page. NUSwhispers cannot...

Send in your scoop to news@theindependent.sg