Singapore public sector reports yet another security lapse

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/singapore-public-sector-reports-yet-another-security-lapse/

By Eileen Yu
By The Way
ZDNet News
March 16, 2019

Following a spate of security breaches affecting healthcare patients in the 
country, another Singapore public sector agency has reported that personal 
information of 808,201 blood donors was left vulnerable after a third-party 
vendor failed to securely protect a server containing the data. The database 
had contained registration-related information such as donors' name and 
national identification number and, in some instances, blood type and weight.

The external contractor, Secur Solutions Group, was provided the data for 
updating and testing and stored the information in a web-connected server on 
January 4 this year, according to the Health Sciences Authority (HSA), which 
was made aware of the security hole on March 13.

The Singapore government agency said in a statement on Friday that a 
cybersecurity expert had uncovered the vulnerability and alerted the Personal 
Data Protection Commission (PDPC). The health agency said one of Secur's 
servers had contained the database, but "was not adequately safeguarded against 
access over the internet" and the vendor had failed to implement adequate 
measures to prevent unauthorised access.

It added that the system did not contain other medical or contact information.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_