Singapore’s Health Sciences Authority (HSA) has been hit by a data breach, exposing the personal information of over 800,000 blood donors.
The HSA said that that one of its vendors, Secur Solutions Group Pte Ltd (SSG) “was not adequately safeguarded against access over the internet,” leading to the database being left accessible to the public, The Independent reported.
The compromised database contained the name, NRIC number, gender, number of blood donations, dates of the last three blood donations, and, in some cases, blood type, height, and weight of 808,201 blood donors. The vulnerability was spotted by a cybersecurity expert, who immediately informed the Personal Data Protection Commission (PDPC). HSA and SSG have since taken down the database and filed a police report.
Preliminary investigation findings showed that no other unauthorised parties have accessed the data aside from the person who discovered the breach.
“We sincerely apologise to our blood donors for this lapse by our vendor,” said HSA chief executive Dr Mimi Choong in an open letter to blood donors. “We would like to assure donors that HSA’s centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe, and proper use of blood donor information.”
This has been the third data breach to affect Singapore’s health system, raising questions about its data security. In July 2018, Singapore suffered its largest data breach ever, after major healthcare institution network Singhealth was targeted by a cyberattack that exposed the records of around 1.5 million individuals. In January 2018, the personal details of over 14,200 HIV-positive individuals were leaked by a fraudster who conspired with a former official that had access to the data.