A leaky database, which is connected to an internet-facing server, exposed personal information of over 800,000 blood donors in Singapore. According to the Health Sciences Authority (HSA), the database was exposed to the Internet for nine weeks starting in January 2019. The incident was discovered by a cybersecurity expert and alerted Singapore’s Personal Data Protection Commission (PDPC), Channel Asia reported.
HSA stated the server was maintained by a third-party contractor Secur Solutions Group for services like developing and maintaining blood donor’s e-registration, re-booking, feedback, and queue management systems.
The data was exposed while the contractor was working on a database containing the registration-related information of 808,201 blood donors. HSA stated that the exposed data belong to the visitors of HSA’s blood banks, which included names, NRIC, gender, number of blood donations, dates of the last three blood donations, blood type, height, and weight. However, HSA clarified that no other sensitive, medical or contact information was exposed in the incident and there was no unauthorized access to the exposed data so far.
“We sincerely apologize to our blood donors for this lapse by our vendor,” said Mimi Choong, CEO of HSA. “We would like to assure donors that HSA’s centralised blood bank system is not affected.
“HSA will also step up checks and monitoring of our vendors to ensure the safe and proper use of blood donor information,” Choong added.
A recent report revealed that health care organizations suffered the highest number of data breaches in 2018 across any sector of the U.S. economy. According to Beazley Breach Response, a breach response management and information security insurance solutions provider, the healthcare entities have reported the highest number of data breaches, at 41 percent.
The report, dubbed as Beazley Breach Insights Report, stated that direct hacking, the presence of malware, or due to human error were the causes of data breaches in healthcare organizations.
The report also revealed the percentage of breaches in other sectors of the economy. The education sector accounted for 10 percent of security issues, financial institutions reported 20 percent of incidents, and professional services represent 13 percent of cases.