808,201 blood donors’ personal information accidentally put online by vendor: HSA
Access to the database was cut off immediately.
In a statement released on March 15, the Health Sciences Authority (HSA) informed members of the public that the personal information of 808,201 blood donors had been accidentally put online by a vendor.
808,201 blood donors’ data discovered online
According to HSA, one of its vendors, Secur Solutions Group Pte Ltd (SSG), was working on a database containing 808,201 blood donors’ personal information.
SSG was provided with this database for updating and testing.
SSG uploaded the database to an internet-facing server earlier this year, on January 4, 2019, but failed to secure the server adequately.
The database was discovered by a cybersecurity expert, who subsequently alerted the Personal Data Protection Commission (PDPC). PDPC informed HSA on March 13 at 9:13 am, and HSA then contacted SSG to fully secure access by 10 am.
The database includes registration-related details such as names, NRIC, genders, number of blood donations, dates of the last three blood donations, as well as the blood type, height and weight of some donors.
Besides the cybersecurity expert, no other unauthorised person accessed this database.
The cybersecurity expert also confirmed that he will not disclose details from the database.
HSA is in contact with him about deleting the information.
HSA worked with SSG to disable access to the database.
Investigations are ongoing
The HSA is looking into this matter and has made a police report.
HSA was not aware that SSG had uploaded the database online, nor did it approve the upload.
The upload is against SSG's contractual obligations to HSA.
The Chief Executive Officer of HSA, Dr Mimi Choong, apologised for the lapse by SSG and assured that the centralised blood bank system is not compromised.
“We sincerely apologise to our blood donors for this lapse by our vendor. HSA treats donor data confidentiality very seriously. We would like to assure donors that HSA’s centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe and proper use of blood donor information.
Your support of the National Blood Programme is invaluable and important to patients in Singapore. We thank you for your continued support and we will improve to serve our blood donors better.”
An SSG spokesperson also revealed that the company has engaged cybersecurity professionals from KPMG Singapore to conduct a thorough review of its IT system and is working with the authorities on the investigations.
Concerned blood donors can call the HSA hotline at 6220 0183.