SINGAPORE
A spate of data breaches in the health sector is hampering Singapore’s ambition to be the world’s leading “smart nation”, critics say.
In the latest lapse, a server containing the personal information of 808,201 blood donors was left vulnerable after a third-party vendor failed to protect it.
The database contained registration-related information such as donors’ names and national identification numbers and, in some instances, blood type and weight.
The Health Sciences Authority (HSA) said the external contractor, Secur Solutions Group was providing the data for updating and testing.
Secur stored the information on a web-connected server on 4 January until it was made aware of the security hole on 13 March.
The HSA said a cybersecurity expert had uncovered the vulnerability and alerted the Personal Data Protection Commission (PDPC).
The contractor admitted the database “was not adequately safeguarded against access over the internet”, adding that the system did not contain other medical or contact information.
This incident follows a series of data security breaches in recent months that compromised the personal information of 1.5 million SingHealth patients and 14,200 individuals with HIV.
Subsequent investigations revealed tardiness in raising the alarm, use of weak administrative passwords, and an unpatched workstation that enabled hackers to breach the system.
The PDPC said it was currently reviewing the country’s Personal Data Protection Act (PDPA) to “keep pace” with the needs of businesses and individuals.
However, it noted that the public sector was not governed by thePDPA and was instead separately regulated by the Public Sector (Governance) Act.
Singapore, 19 March 2019
