HackerOne expert comments on Singapore HSA’s letter to blood donors on vendor-run HSA database not adequately secured


Singapore Ministry of Health’s Health Sciences Authority (HSA) issued a letter to blood donors alerting them that an HSA database hosted on a vendor-run server was not adequately secured. The database contained 808,201 records of blood donors in Singapore, with name, NRIC, gender, number of blood donations, dates of the last 3 donations, and in some cases, blood type, height, and weight. The vendor is Secur Solutions Group Pte Ltd (SSG). The HSA letter can be found at: https://www.hsa.gov.sg/content/hsa/en/News_Events/HSA_Updates/2019/letter-to-blood-donor.html

Aaron Zander, Head of IT at HackerOne, the leading “white hat” hacker-powered security platform, says:

“Criminals stealing your medical information or diagnosis codes is no longer a plot twist reserved for TV dramas with the latest records breach. Cybercrime damage is expected to hit US$6 trillion annually by 2021 and this is just the beginning of medical record breaches, as these records are worth far more than your easily replaceable credit card.”

