HackerOne expert comments on Singapore HSA’s letter to blood donors on vendor-run HSA database not adequately secured


The Health Sciences Authority (HSA) of Singapore's Ministry of Health issued a letter to blood donors alerting them that an HSA database hosted on a vendor-run server was not adequately secured. The database contained 808,201 records of blood donors in Singapore, with name, NRIC, gender, number of blood donations, dates of last 3 donations, and in some cases, blood type, height, and weight. The vendor is Secur Solutions Group Pte Ltd (SSG). The HSA letter is available at: https://www.hsa.gov.sg/content/hsa/en/News_Events/HSA_Updates/2019/letter-to-blood-donor.html

Aaron Zander, Head of IT at HackerOne, the leading “white hat” hacker-powered security platform, says:

“Criminals stealing your medical information or diagnosis codes is no longer a plot twist reserved for TV dramas with the latest records breach. Cybercrime damage is expected to hit US$6 trillion annually by 2021 and this is just the beginning of medical record breaches, as these records are worth far more than your easily replaceable credit card.”

