• About Us
    • Fact Checking Policy
    • Ownership & funding information
    • Volunteer
  • Subscribe
  • Letter submission
    • Submissions Policy
  • Contact Us
The Online Citizen Asia
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
The Online Citizen Asia
No Result
View All Result

Cybersecurity vendor’s server “not adequately safeguarded against unauthorised access” online, blood donors’ personal particulars vulnerable for over two months: HSA

by The Online Citizen
16/03/2019
in Current Affairs, Health
Reading Time: 3 mins read
0

Rear view of a male doctor with stethoscope in hospital ward from Shutterstock.com

More than 800,000 individuals who have donated blood or have attempted to do so in Singapore had their personal particulars placed at risk over the Internet due to unauthorised access by a Health Sciences Authority (HSA) vendor for over two months.

In a statement on Friday (15 Mar), HSA revealed that it was only alerted by “a cybersecurity expert” to a vulnerability in its database, which was stored in one of Secur Solutions Group Pte Ltd (SSG)’s servers, two days prior to its announcement.

The expert proceeded to inform the Personal Data Protection Commission regarding the vulnerability a day later, following which the Commission had promptly forwarded the matter to the HSA, as the Authority is responsible for handling Singapore’s blood bank.

HSA said that it had “immediately worked with SSG to disable access to the database”, in addition to making a police report regarding the breach.

At 9.35 am, 22 minutes after HSA had received the alert from the Commission regarding the breach, the Authority instructed SSG to disable access to the database.

According to HSA, the database was fully secured at 10 a.m. against any further unauthorised access.

An SSG spokesperson told Straits Times that the affected server “was immediately secured upon notification of the unauthorised access”.

“We have engaged external cyber security professionals, KPMG in Singapore, and initiated a thorough review of our IT systems. We are working closely with HSA and other authorities in continuing investigations,” added the spokesperson.

According to ST, the cybersecurity expert, who HSA has declined to identify, is foreign and is based overseas.

“The expert has confirmed to HSA that he does not intend to disclose the contents of the database,” said the Authority, adding: “HSA is in contact with the expert on deleting the information”.

“SSG provides services to HSA and was working on a database containing registration-related information of 808,201 blood donors”, said HSA.

Some of the information stored in the database include those regarding the “name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height and weight” of over 800,000 people who have donated or registered to donate blood in Singapore since 1986.

However, the Authority assured that “the database contained no other sensitive, medical or contact information”.

HSA added that “no other unauthorised person had accessed the database” according to “preliminary findings from HSA’s review of the database logs”.

“HSA had provided the data to SSG for updating and testing,” according to the Authority.

ST reported that the relevant databases were HSA’s Westgate Tower and Woodlands blood banks’ databases.

The data was also provided by HSA to SSG for “testing purposes after some donors said their data was outdated”.

“SSG placed the information in an internet-facing server on 4 Jan 2019 and failed to institute adequate safeguards to prevent unauthorised access.

“It had done so without HSA’s knowledge and approval, and against its contractual obligations with HSA,” said the Authority.

Chief Executive Officer of HSA Dr Mimi Choong said in response to the breach: “We sincerely apologise to our blood donors for this lapse by our vendor.

“We would like to assure donors that HSA’s centralised blood bank system is not affected.

“HSA will also step up checks and monitoring of our vendors to ensure the safe and proper use of blood donor information,” she added.

The Authority had also urged concerned donors whose particulars may have been affected by the breach to contact the Authority at its hotline number: 62200183.

The HSA database breach is the third cybersecurity breach concerning public healthcare databases in Singapore that has been reported thus far in recent months, following the HIV registry leak and Singapore’s largest cyberattack to date, the SingHealth data breach involving the particulars of around 1.5 million patients, including those of Prime Minister Lee Hsien Loong.

For just US$7.50 a month, sign up as a subscriber on The Online Citizen Asia (and enjoy ads-free experience on our site) to support our mission to transform TOC into an alternative mainstream press.

Related Posts

Why is Gautam Adani’s Indian empire in turmoil?
AFP

India’s Adani Enterprises shares rocket 20%, trading suspended

07/02/2023
China’s Baidu says developing AI chatbot
AFP

China’s Baidu says developing AI chatbot

07/02/2023
Thai rescuers dig to free baby trapped down well
AFP

Thai rescuers dig to free baby trapped down well

07/02/2023
Desmond Lee says 70% of BTO flats affordable for median household with income of S$8,400 but what about the 10th to 40th percentile?
Housing

Desmond Lee says 70% of BTO flats affordable for median household with income of S$8,400 but what about the 10th to 40th percentile?

07/02/2023
Returning Officer to issue corrective directions, overseas Singaporeans allowed to vote by post, among changes to laws tabled to Parliament
Singapore

Returning Officer to issue corrective directions, overseas Singaporeans allowed to vote by post, among changes to laws tabled to Parliament

07/02/2023
Can Malaysia review its current practices on foreign worker management?
Asia

Can Malaysia review its current practices on foreign worker management?

07/02/2023
Subscribe
Connect withD
Login
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
Connect withD
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
0 Comments
Inline Feedbacks
View all comments

Latest posts

Why is Gautam Adani’s Indian empire in turmoil?

India’s Adani Enterprises shares rocket 20%, trading suspended

07/02/2023
China’s Baidu says developing AI chatbot

China’s Baidu says developing AI chatbot

07/02/2023
Thai rescuers dig to free baby trapped down well

Thai rescuers dig to free baby trapped down well

07/02/2023
Desmond Lee says 70% of BTO flats affordable for median household with income of S$8,400 but what about the 10th to 40th percentile?

Desmond Lee says 70% of BTO flats affordable for median household with income of S$8,400 but what about the 10th to 40th percentile?

07/02/2023
Returning Officer to issue corrective directions, overseas Singaporeans allowed to vote by post, among changes to laws tabled to Parliament

Returning Officer to issue corrective directions, overseas Singaporeans allowed to vote by post, among changes to laws tabled to Parliament

07/02/2023
Can Malaysia review its current practices on foreign worker management?

Can Malaysia review its current practices on foreign worker management?

07/02/2023
Forum Asia calls for India to revoke arbitrary ban on BBC documentary

Forum Asia calls for India to revoke arbitrary ban on BBC documentary

07/02/2023

Google to release ChatGPT rival named Bard

07/02/2023

Trending posts

Cognizant India transfers staff to work in Singapore as recently as this year

Local IT grads can’t find jobs while engineers constantly transferred from India to work in SG under CECA

by Correspondent
05/02/2023
104

...

They have done a fine job of confusing us about the jobs situation

They have done a fine job of confusing us about the jobs situation

by Augustine Low
01/02/2023
47

...

Adani’s brother runs SG company and registers as director with local ID

Adani’s brother runs SG company and registers as director with local ID

by Correspondent
03/02/2023
26

...

No response from Josephine Teo on whether Mediacorp has been instructed to stop coverage of SMT circulation scandal

No response from Josephine Teo over alleged blackout of coverage by Mediacorp over SMT circulation scandal

by Terry Xu
06/02/2023
12

...

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

by Yee Loon
30/01/2023
25

...

Singapore Law Watch removes commentary on CPIB’s decision to not prosecute former Keppel executives

Singapore Law Watch removes commentary on CPIB’s decision to not prosecute former Keppel executives

by The Online Citizen
02/02/2023
19

...

March 2019
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Feb   Apr »

The Online Citizen is a regional online publication based in Taiwan and formerly Singapore’s longest-running independent online media platform.

Navigation

  • Editorial
  • Commentaries
  • Opinion
  • Politics
  • Community

Support

  • Contact Us
  • Letter submission
  • Membership subscription

Follow Us

  • Facebook
  • Twitter
  • YouTube
  • Instagram
  • Fact Checking Policy
  • Privacy Policy

© 2022 - 2023 The Online Citizen Asia

No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Comments
  • Current Affairs
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Civil Society
    • Arts & Culture
    • Consumer Watch
    • NGO
  • Politics
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
  • Lifestyle
    • Travel
  • Subscribers login

© 2022 - 2023 The Online Citizen Asia

wpDiscuz