• About Us
    • Fact Checking Policy
    • Ownership & funding information
    • Volunteer
  • Subscribe
  • Letter submission
    • Submissions Policy
  • Contact Us
The Online Citizen Asia
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
The Online Citizen Asia
No Result
View All Result

HSA reveals greater security lapse in blood bank database than originally found; data breach issue to be raised in Parliament on Monday

by The Online Citizen
30/03/2019
in Current Affairs, Health
Reading Time: 4 mins read
0

Photo from HSA press release

There was “more access” to the data of over 800,000 blood donors “than had been initially assessed by” vendor Secur Solutions Group (SSG), said the Health Sciences Authority on Sat (30 Mar), based on the vendor’s statement.

The Straits Times reported SSG as saying that “subsequent forensic analysis revealed that the server was also accessed suspiciously from several other IP addresses between Oct 22, 2018, and March 13 this year”.

“Based on this new information, SSG cannot exclude the possibility that registration-related information of donors on the server was exfiltrated,” said SSG, adding that no other “sensitive” information such as medical history or contact details was found in the database.

SSG also noted that while “there had also been attacks on the same server in 2017”, the attacks “were unrelated to the current incident, and there was no evidence to suggest that any HSA data was compromised”.

Separately, HSA assured in its statement that the “centralised blood bank system, which is not connected to the SSG server, remains secure”.

“HSA takes a serious view of this matter. SSG is in breach of its contractual obligations.

“Police investigations are continuing. HSA will decide on what steps it should take vis-à-vis SSG, once the investigations are concluded,” said HSA.

Questions regarding blood donor database leak to be raised in Parliament next week

At least eight Members of Parliament (MPs) will be filing questions on the blood donor database leak for the next Parliamentary session on Monday (1 Apr).

Aljunied GRC MP Sylvia Lim has raised the question regarding the extent of HSA’s responsibility in the matter, as well as if the Authority had adequately and reasonably carried out measures to protect the personal data of the blood donors.

Tanjong Pagar GRC MP Chia Shi-Lu has highlighted the series of data breaches involving the personal particulars of patients in the public healthcare sector, and asked as to whether there were certain major factors that leave the public healthcare IT systems particularly vulnerable to such incidents.

Health Minister Gan Kim Yong is also due to deliver a Ministerial speech on protecting the interests of patients.

Blood donor “database contained no other sensitive, medical or contact information”; not accessed by “other unauthorised: HSA

In its first statement on 15 Mar regarding the database breach, HSA revealed that it was only alerted by “a cybersecurity expert” to a vulnerability in its database, which was stored in one of Secur Solutions Group Pte Ltd (SSG)’s servers, two days prior to its announcement.

The expert proceeded to inform the Personal Data Protection Commission regarding the vulnerability a day later, following which the Commission had promptly forwarded the matter to the HSA, as the Authority is responsible for handling Singapore’s blood bank.

HSA said that it had “immediately worked with SSG to disable access to the database”, in addition to making a police report regarding the breach.

At 9.35 am, 22 minutes after HSA had received the alert from the Commission regarding the breach, the Authority instructed SSG to disable access to the database.

According to HSA, the database was fully secured at 10 a.m. against any further unauthorised access.

An SSG spokesperson told ST that the affected server “was immediately secured upon notification of the unauthorised access”.

“We have engaged external cyber security professionals, KPMG in Singapore, and initiated a thorough review of our IT systems. We are working closely with HSA and other authorities in continuing investigations,” added the spokesperson.

According to ST, the cybersecurity expert, who HSA has declined to identify, is foreign and is based overseas.

“The expert has confirmed to HSA that he does not intend to disclose the contents of the database,” said the Authority, adding: “HSA is in contact with the expert on deleting the information”.

“SSG provides services to HSA and was working on a database containing registration-related information of 808,201 blood donors”, said HSA.

Some of the information stored in the database include those regarding the “name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height and weight” of over 800,000 people who have donated or registered to donate blood in Singapore since 1986.

However, the Authority assured that “the database contained no other sensitive, medical or contact information”.

HSA added that “no other unauthorised person had accessed the database” according to “preliminary findings from HSA’s review of the database logs”.

“HSA had provided the data to SSG for updating and testing,” according to the Authority.

ST reported that the relevant databases were HSA’s Westgate Tower and Woodlands blood banks’ databases.

The data was also provided by HSA to SSG for “testing purposes after some donors said their data was outdated”.

“SSG placed the information in an internet-facing server on 4 Jan 2019 and failed to institute adequate safeguards to prevent unauthorised access.

“It had done so without HSA’s knowledge and approval, and against its contractual obligations with HSA,” said the Authority.

Chief Executive Officer of HSA Dr Mimi Choong said in response to the breach: “We sincerely apologise to our blood donors for this lapse by our vendor.

“We would like to assure donors that HSA’s centralised blood bank system is not affected.

“HSA will also step up checks and monitoring of our vendors to ensure the safe and proper use of blood donor information,” she added.

The HSA database breach is the third cybersecurity breach concerning public healthcare databases in Singapore that has been reported thus far in recent months, following the HIV registry leak and Singapore’s largest cyberattack to date, the SingHealth data breach involving the particulars of around 1.5 million patients, including those of Prime Minister Lee Hsien Loong.

For just US$7.50 a month, sign up as a subscriber on The Online Citizen Asia (and enjoy ads-free experience on our site) to support our mission to transform TOC into an alternative mainstream press.

Related Posts

2024 Olympic torch relay to start in Marseille
AFP

2024 Olympic torch relay to start in Marseille

03/02/2023
India’s Adani shares plunge again after stock sale cancelled
AFP

India’s Adani denies rise due to Modi as shares fall again

03/02/2023
TotalEnergies says Adani exposure ‘limited’ at US$3.1 bn
AFP

TotalEnergies says Adani exposure ‘limited’ at US$3.1 bn

03/02/2023
India’s finance minister says markets ‘well regulated’ after Adani storm
AFP

India’s finance minister says markets ‘well regulated’ after Adani storm

03/02/2023
A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?
Opinion

A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?

03/02/2023
AFP

Myanmar junta imposes tough new measures on resistance strongholds

03/02/2023
Subscribe
Connect withD
Login
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
Connect withD
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
0 Comments
Inline Feedbacks
View all comments

Latest posts

2024 Olympic torch relay to start in Marseille

2024 Olympic torch relay to start in Marseille

03/02/2023
India’s Adani shares plunge again after stock sale cancelled

India’s Adani denies rise due to Modi as shares fall again

03/02/2023
TotalEnergies says Adani exposure ‘limited’ at US$3.1 bn

TotalEnergies says Adani exposure ‘limited’ at US$3.1 bn

03/02/2023
India’s finance minister says markets ‘well regulated’ after Adani storm

India’s finance minister says markets ‘well regulated’ after Adani storm

03/02/2023
A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?

A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?

03/02/2023

Myanmar junta imposes tough new measures on resistance strongholds

03/02/2023
Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

03/02/2023
Why is Gautam Adani’s Indian empire in turmoil?

Adani turmoil a key test for Modi’s India Inc

03/02/2023

Trending posts

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

by Yee Loon
30/01/2023
25

...

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

by Yee Loon
26/01/2023
24

...

They have done a fine job of confusing us about the jobs situation

They have done a fine job of confusing us about the jobs situation

by Augustine Low
01/02/2023
36

...

Two Indian nationals paid about S$330 and S$730 respectively for forged certificates submitted in their S-Pass application

MOM found issuing EPs meant for foreign PMETs to PRC waitress and general worker

by Correspondent
26/01/2023
41

...

Singapore warns slower economic growth in 2023

Less than 1 in 10 jobs created in first three quarters of 2022 went to Singaporeans?

by Leong Szehian
28/01/2023
69

...

Excessively charging for an essential need, and calling it affordable because people still can pay for it?

by Terry Xu
31/01/2023
39

...

March 2019
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Feb   Apr »

The Online Citizen is a regional online publication based in Taiwan and formerly Singapore’s longest-running independent online media platform.

Navigation

  • Editorial
  • Commentaries
  • Opinion
  • Politics
  • Community

Support

  • Contact Us
  • Letter submission
  • Membership subscription

Follow Us

  • Facebook
  • Twitter
  • YouTube
  • Instagram
  • Fact Checking Policy
  • Privacy Policy

© 2022 - 2023 The Online Citizen Asia

No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Comments
  • Current Affairs
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Civil Society
    • Arts & Culture
    • Consumer Watch
    • NGO
  • Politics
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
  • Lifestyle
    • Travel
  • Subscribers login

© 2022 - 2023 The Online Citizen Asia

wpDiscuz