// Adds dimensions UUID, Author and Topic into GA4
Monday, June 29, 2026
29.4 C
Singapore
type here...
Photo: Freepik (for illustration purposes only).
Singapore NewsLaw
1 min.Read

Singapore healthcare service provider & vendor fined $68,000 after patients’ data was found being sold on dark web

Anna Maria Romero
By Anna Maria Romero

SINGAPORE: A data breach in 2020 from a Singapore-based healthcare service provider resulted in patients’ information getting put up for sale the following year in a forum on the dark web.

The company, Fullerton Health Group, and its vendor have been fined $68,000 due to a leak that potentially affected around 150,000 Fullerton Health patients along with its corporate clients’ employees.

Not only was health information compromised, but also identity numbers, telephone numbers, and financial details, including bank account numbers and codes.

The healthcare provider was given a $58,000 fine, and Agape Connecting People Holdings, the social enterprise that aided in making appointments for Fullerton Health’s patients, was fined another $10,000.

Fullerton Health became aware on Oct 15, 2021, that its clients’ data was offered for sale on a forum on the dark web, online spaces that can only be accessed through special software which allows users and operators to be anonymous or untraceable.

The company then engaged the services of cybersecurity consultants, who contacted the alleged data vendor, who said that he took the data from the internet-facing file server of Agape.

According to the Personal Data Protection Commission (PDPC), Fullerton Health worsened the situation by inadvertently disclosing unnecessary sensitive personal data only meant for employees’ internal use on the online drive it shared with Agape, which included codes for surgical procedures carried out in hospitals.

Agape does not need these codes or other shared data.

“These datasets were not required by Agape for the performance of the services, and this inadvertent disclosure ultimately led to a greater loss of personal data during the incident,” said the PDPC.

The PDPC held Fullerton Health responsible for exercising due diligence and reasonable supervision over Agape.

Shortly after Fullerton Health became aware of the breach, the post on the dark web forum was taken down. In the interim, Fullerton Health and Agape informed the PDPC about the data breach. /TISG

2,400 MINDEF, SAF personnel possible data breach victims due to malware incidents

- Advertisement -
Google News Follow Google News WhatsApp Join us on WhatsApp Telegram Follow us on Telegram

Hot this week

Singapore News

SG Police: Singapore’s new mobile traffic camera deployed on BKE to capture speed-related driving offences from July 1

Authorities are stepping up speed enforcement to reduce speeding and make one of Singapore's busiest expressways safer for all road users
Singapore News

Fee for M’sian taxis entering Singapore to skyrocket from $2 a month to whopping $15 per trip as LTA seeks to narrow price gap...

The adjustment to the ASEAN Public Service Vehicle Permit (PSVP) fee aims to narrow the cost gap between Malaysia-registered taxis and Singapore-registered taxis operating in Singapore,LTA said.

Popular Categories

Singapore NewsFeatured NewsSG EconomySingapore PoliticsLifestyleCelebrityInternational
document.addEventListener("DOMContentLoaded", () => { const trigger = document.getElementById("ads-trigger"); if ('IntersectionObserver' in window && trigger) { const observer = new IntersectionObserver((entries, observer) => { entries.forEach(entry => { if (entry.isIntersecting) { lazyLoader(); // You should define lazyLoader() elsewhere or inline here observer.unobserve(entry.target); // Run once } }); }, { rootMargin: '800px', threshold: 0.1 }); observer.observe(trigger); } else { // Fallback setTimeout(lazyLoader, 3000); } });

The Independent SG

Also Visit

Social Media

© The Independent Singapore

// //
Enable Notifications OK No thanks