A series of data breaches have occurred in Singapore recently. For example, the medical information of 1.5 million SingHealth patients has been leaked, and the personal information of 14,200 HIV-infected people has been leaked. However, another major data breach occurred in Singapore recently. This time, because a third-party supplier failed to properly protect the server containing 808,201 blood donors’ personal information, the blood donor’s blood type, ID card, weight, and other data were leaked.
According to the Singapore Health Sciences Authority (HSA), on January 4th, the contractor Secur Solutions Group stored the information on a networked server during the update and testing but failed to take appropriate security measures. The researchers discovered this security hole on March 13.
“The personal information of more than 800,000 people who have donated or registered to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor for more than two months, but access to the database was cut off soon after the discovery.” states the article published by The Straits Times.
HSA said in a statement on March 15 that a network security expert discovered the vulnerability and notified the Personal Data Protection Commission (PDPC) that a server from Secur contained a database of blood donors but did not take it. HSA said that in addition to the information of blood donors, the server does not contain other medical information.
After a preliminary investigation by the HSA and a review of the database logs, it was indicated that no other unauthorized individuals had accessed the database. HSA CEO Mimi Choong apologized for the security breach and said it is stepping up inspections and monitoring of suppliers.
“We sincerely apologise to our blood donors for this lapse by our vendor. HSA treats donor data confidentiality very seriously. We would like to assure donors that HSA’s centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe and proper use of blood donor information.
Your support of the National Blood Programme is invaluable and important to patients in Singapore. We thank you for your continued support and we will improve to serve our blood donors better.”