Health Sciences Authority

The personal information of more than 800,000 people who have donated or registered to donate blood in Singapore since 1986 was improperly put online by the Health Sciences Authority (HSA).

HSA said its preliminary findings indicate that there was only one instance of external access - by a cyber security expert who alerted the Personal Data Protection Commission to it a day later.

It immediately took steps to verify that no sensitive medical or contact information was contained in the database.

HSA added that the cyber security consultant who accessed the data had told them he did not intend to disclose it and worked with the agency to delete the information.

Source: https://www.straitstimes.com/singapore/health/personal-information-of-over-800000-blood-donors-exposed-online-hsa

"id": "HEA15589323",
"linkid": "health-sciences-authority",
"type": "Data Leak",
"date": "03/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"