Following a spate of security breaches affecting healthcare patients in the country, another Singapore public sector agency has reported that personal information of 808,201 blood donors was left vulnerable after a third-party vendor failed to securely protect a server containing the data. The database had contained registration-related information such as donors’ name and national identification number and, in some instances, blood type and weight. The external contractor, Secur Solutions Group, was provided the data for updating and testing and stored the information in a web-connected server on January 4 this year, according to the Health Sciences Authority (HSA), which was made aware of the security hole on March 13. The Singapore government agency said in a statement on Friday that a cybersecurity expert had uncovered the vulnerability and alerted the Personal Data Protection Commission (PDPC). The health agency said one of Secur’s servers had contained the database, but “was not adequately safeguarded against access over the internet” and the vendor had failed to implement adequate measures to prevent unauthorised access. It added that the system did not contain other medical or contact information. A police report was made and the access to the database was disabled, HSA said. It noted that the cybersecurity expert who reported the vulnerability had said he would not publish the contents in the database and was working with the agency on deleting the data. Citing preliminary findings and its review of the database logs, HSA said no other unauthorised individual had accessed the database. HSA… [Read full story]
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.