Third Party Vendor Responsible for Online Availability of Singapore Blood Donor Database
Who: Secur Solutions Group /HSA/Singapore National Blood Bank
When: 13 March 2019
# of records involved: 800,000 Blood Donors
What happened: The personal information of more than 800,000 people who have donated or registered to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor
How did it happen: A Third party vendor, Secur Solutions Group, to Health Sciences Authority (HSA) allowed access to an improperly secured online database. Access to the database was cut off soon after the discovery.
Outcome: The HSA said its preliminary findings indicate that there was only one instance of external access – by a cybersecurity expert who discovered the vulnerability on Tuesday (March 12) and alerted the Personal Data Protection Commission to it a day later. They immediately took steps to verify that no sensitive medical or contact information was contained in the database. The confidentiality of our donor’s information given to us is our utmost priority and we really hope our donors will continue to trust in us to do the right thing. We have engaged external cybersecurity professionals, KPMG in Singapore, and initiated a thorough review of our IT systems. We are working closely with HSA and other authorities in continuing investigations and a police report was filed.