[BreachExchange] Blood donors in Singapore victims of data breach

Destry Winant destry at riskbasedsecurity.com
Tue Mar 19 03:10:43 EDT 2019


A leaky database, which is connected to an internet-facing server,
exposed personal information of over 800,000 blood donors in
Singapore. According to the Health Sciences Authority (HSA), the
database was exposed to the Internet for nine weeks starting in
January 2019. The incident was discovered by a cybersecurity expert,
who alerted Singapore’s Personal Data Protection Commission (PDPC),
Channel Asia reported.

HSA stated the server was maintained by a third-party contractor, Secur
Solutions Group, for services like developing and maintaining blood
donors’ e-registration, re-booking, feedback, and queue management.

The data was exposed while the contractor was working on a database
containing the registration-related information of 808,201 blood
donors. HSA stated that the exposed data belong to the visitors of
HSA’s blood banks, which included names, NRIC, gender, number of blood
donations, dates of the last three blood donations, blood type,
height, and weight. However, HSA clarified that no other sensitive,
medical or contact information was exposed in the incident and there
was no unauthorized access to the exposed data so far.

“We sincerely apologize to our blood donors for this lapse by our
vendor,” said Mimi Choong, CEO of HSA. “We would like to assure donors
that HSA’s centralised blood bank system is not affected.

“HSA will also step up checks and monitoring of our vendors to ensure
the safe and proper use of blood donor information,” Choong added.

A recent report revealed that health care organizations suffered the
highest number of data breaches in 2018 across any sector of the U.S.
economy. According to Beazley Breach Response, a breach response
management and information security insurance solutions provider,
healthcare entities reported the highest number of data breaches,
at 41 percent.

The report, dubbed the Beazley Breach Insights Report, stated that
direct hacking, the presence of malware, or human error were
the causes of data breaches in healthcare organizations.

The report also revealed the percentage of breaches in other sectors
of the economy. The education sector accounted for 10 percent of
security issues, financial institutions reported 20 percent of
incidents, and professional services represented 13 percent of cases.
