Letter to Blood Donors
15 March 2019
We would like to inform you that one of our vendor’s servers contained an HSA database that was not adequately safeguarded against access over the internet. The vendor is Secur Solutions Group Pte Ltd (SSG). SSG provides services to HSA and was working on a database containing registration-related information of 808,201 blood donors: Name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height and weight. The database contained no other sensitive, medical or contact information.
A cybersecurity expert had discovered this vulnerability and alerted the Personal Data Protection Commission. HSA immediately worked with SSG to disable access to the database, and we have also made a Police report. The expert has confirmed to HSA that he does not intend to disclose the contents of the database. HSA is in contact with the expert on deleting the information.
Investigations are ongoing. Preliminary findings from HSA's review of the database logs show that other than the cybersecurity expert who raised the alert, no other unauthorised person had accessed the database.
SSG had placed the information we provided them on an unsecured database in an internet-facing server on 4 Jan 2019 and failed to put in place adequate safeguards to prevent unauthorised access. This was done without HSA’s knowledge and approval, and was contrary to its contractual obligations with HSA.
We sincerely apologise to our blood donors for this lapse by our vendor. HSA treats donor data confidentiality very seriously. We would like to assure donors that HSA's centralised blood bank system is not affected. HSA will also step up checks and monitoring of our vendors to ensure the safe and proper use of blood donor information.
Your support of the National Blood Programme is invaluable and important to patients in Singapore. We thank you for your continued support and we will improve to serve our blood donors better.
Donors can call the following hotline number 62200183 for more information.