Many organizations took action to gather data during the epidemic in an effort to stop the spread of COVID. Visitors to Thomson Medical could use a portal, but the information wasn't just kept in a secure database; it was also held in a database that the general public could access.
Thomson Medical has been given instructions to conduct a web search to ensure that no personally identifiable information has been published online.
The compromised information includes the personal data of 44,679 of the Organisation’s visitors, including the date and time of visit, temperature, type of visitor (purpose of stay), name of the visitor, name of newborn, contact number, NRIC/FIN/passport number, doctor/clinic name or room visiting, and answers to a health declaration questionnaire (which included a declaration by the visitor.
It has also been instructed to review the process it uses to deploy applications and to include measures like data retention policies and security testing procedures.
This is in response to a data breach incident from a Health Declaration Portal that was not secured, allowing visitors' private information to be accessed by anyone.
Source: https://www.databreaches.net/recent-decision-by-the-pdpc/
"id": "THO653231222",
"linkid": "thomson-medical",
"type": "Breach",
"date": "12/2022",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"