Home News Another : more than 800,000 blood donors’ personal information leaked online

Another data breach: more than 800,000 blood donors’ personal information leaked online

sorry for vendors' security lapse but assures centralised blood bank system not affected.

Author

Date

Category

- Advertisement -

Singapore – Yet another breach of security occurred when the Health Sciences Authority () was alerted on Mar 13 (Wed) that the personal information of over 800,000 blood donors had been accidentally leaked online.

HSA released a statement on Mar 15 (Fri) regarding the improper handling of confidential information.

The organisation said that one of its vendors, Secur Solutions Group Pte Ltd () “was not adequately safeguarded against access over the internet” causing for the HSA database to be accessed by anyone online.

The vendor, which provides services to HSA, has been working on a database containing personal information of 808,201 of HSA’s blood donors. Information such as the name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height, and weight were compromised.

- Advertisement -

According to the press release, the database contained no other sensitive, medical or contact information.

It was a cybersecurity expert who had first spotted the vulnerability and had immediately alerted the Personal Data Protection Commission. Soon after, HSA and disabled access to the database and a police report was made.

“The expert has confirmed to HSA that he does not intend to disclose the contents of the database,” said HSA. “HSA is in contact with the expert on deleting the information.”

With the ongoing investigation, preliminary findings have shown no other unauthorised access to the database aside from the cybersecurity expert, during its period of vulnerability.

Furthermore, HSA explained that the information provided to SSG were for updating and testing purposes only. The vendor placed the data in an “internet-facing server” on January 4, 2019, and “failed to institute adequate safeguards to prevent unauthorised access.”

“It had done so without HSA’s knowledge and approval, and against its contractual obligations with HSA,” added the authority.

CEO of HSA Dr Mimi Choong has extended apologies for the incident, “We sincerely apologise to our blood donors for this lapse by our vendor. We would like to assure donors that HSA’s centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe, and proper use of blood donor information.”

Donors can call the hotline number 62200183 for more information.

HSA has also uploaded a letter of apology to their blood donors:

Photo: HSA website screengrab

Please follow and like us:
Tweet
Share
- Advertisement -

Falling concrete from Tampines HDB block sparks worry among residents

Singapore – Residents of a HDB (Housing & Development Board) block in Tampines are worried about the state of their building after experiencing concrete falling off two pillars along the corridor. Large cracks could be seen forming on many of the concrete...

Businessman gets back S$12.7m from ex-mistress but she keeps condo unit and car

Singapore — A wealthy businessman from China who plied his former mistress with gifts before and during their relationship has sued successfully to get back S$12.7 million he had transferred to her while they were together. Mr Xu Zhigang, who is married,...

LKY’s last will: Lee Suet Fern disagrees with 15-month suspension

Singapore — Lawyer Lee Suet Fern issued a statement on Friday (Nov 20) after it was announced that the Court of Three Judges had suspended her from practising for 15 months over her handling of the last will of her late...
Please follow and like us:
Tweet
Share
Follow Me
Tweet