Singapore’s push to become a smart nation stumbled yet again. More than 800,000 personal details of blood donors were left online for more than two months.
According to HSA’s press release, the personal information of the blood donors includes the name, NRIC, gender, number of blood donations, dates of pass three blood donations, blood type, height and weight.
HSA emphasised that “no other sensitive medical or contact information” were exposed.
The leak came to light when a cybersecurity expert discovered the vulnerability and alerted the Personal Data Protection Commission.
It is believed that one of its vendors, Secur Solutions Group Pte Ltd (SSG), failed to adequately secure a HSA database, which allowed access to the information over the internet.
Chief Executive Officer of HSA, Dr Mimi Choong said:
“We sincerely apologise to our blood donors for this lapse by our vendor. We would like to assure donors that HSA’s centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe and proper use of blood donor information.”
Investigations are still ongoing and preliminary findings have shown that, except the cybersecurity expert, no other unauthorised person had accessed the database.