Govt's data management under review following CHAS error, blood donor data leak

Govt's data management under review following CHAS error, blood donor data leak

Illustration file picture shows a man typing on a computer keyboard in Warsaw
File photo of a person typing on a keyboard. (Photo: Reuters/Kacper Pempel)

SINGAPORE: The Government's management of data is being reviewed in light of cases of information mishandling by IT vendors.

More details on the review will be shared when ready, said the Smart Nation and Digital Government Group (SNDGG) on Friday (Mar 22), in response to queries by Channel NewsAsia. 

“The Smart Nation and Digital Government Office is currently reviewing the Government’s management of data, and will share more when ready," it said. 

Over the past three months, the Ministry of Health (MOH) has revealed two cases of information being mishandled by IT vendors.

About 7,700 individuals received inaccurate healthcare and subsidies under the Community Health Assist Scheme due to an error in a computer system administered by NCS, an information technology and communications engineering company and subsidiary of the Singtel Group.

Separately, the personal information of more than 800,000 blood donors in Singapore were exposed on the Internet for over nine weeks before the authorities were alerted to it by a cybersecurity expert. Vendor Secur Solutions Group - tasked to update the records of blood donors – had failed to ensure adequate safeguards when it placed the information on an unsecured database. 

SNDGG is conducting a “deeper investigation” into the incident involving the leak of blood donors' data, it said. 

“The findings will inform us of the measures that need to be implemented and the assistance that the Health Sciences Authority will require to rectify the situation,” it added.

Singapore’s health sector was hit by two other data breaches in the past nine months.  

A cyber attack on SingHealth in June 2018 compromised the personal information of 1.5 million patients, including Prime Minister Lee Hsien Loong.

Another data breach affected 14,200 HIV patients after confidential information - including identification numbers and contact details - was leaked online by American Mikhy K Farrera Brochez.

He was the partner of Ler Teck Siang, the former head of MOH’s National Public Health Unit.

This week, Russian cybersecurity firm Group-IB revealed in its press release that email log-in information of employees in several Singapore government agencies had been put up for sale on the Dark Web by hackers.

SNDGG said on Thursday that only 119 of the approximately 50,000 compromised details were still being used while the rest were either outdated or bogus.

The information was not leaked from the government system, it also said, but from the use of those addresses for personal and non-official purposes.

The officers with the affected credentials have changed their passwords, SNDGG added.

Source: CNA/na(rw)