Vendor Exposes Singapore Health Blood Donor Data

Vendor Exposes Singapore Health Blood Donor Data

In the aftermath of news that a vendor left the personal data of more than 800,000 blood donors exposed, Singapore’s Health Sciences Authority (HSA) issued a letter to those potentially impacted.

The vendor, Secur Solutions Group Pte. Ltd. (SSG), was working on a database that reportedly contained only registration-related information of 800,201 blood donors, but SSG had not adequately safeguarded against the database being accessed over the internet.

“A cybersecurity expert had discovered this vulnerability and alerted the Personal Data Protection Commission. HSA immediately worked with SSG to disable access to the database, and we have also made a Police report. The expert has confirmed to HSA that he does not intend to disclose the contents of the database. HSA is in contact with the expert on deleting the information,” the letter stated.

Though not the result of a cyber-attack, the information was exposed because SSG had reportedly used an unsecured database in an internet-facing server without safeguarding against unauthorized access. HSA, which said this oversight was a breach of SSG’s contractual obligations, assured donors that the centralized blood bank system was not affected and that the affected database did not contain any sensitive, medical or contact information.

Medical records continue to be a prime target for attackers, which makes SSG’s lapse in security all the more alarming as people across the globe are looking for advice on how to protect their medical records.

“A recent study in the Journal of the American Medical Association reveals that the number of annual health data breaches increased 70% over the past seven years, with 75% of the breached, lost, or stolen records being breached by a hacking or IT incident at a cost close to consumers at nearly $6 billion,” wrote McAfee’s family safety evangelist, Toni Birdsong.

“Protecting ourselves and our families in the face of this kind of threat can feel overwhelming and even futile. It’s not. Every layer of protection you build between you and a hacker matters.”

Source: Information Security Magazine