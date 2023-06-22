SINGAPORE: Fullerton Health Group and its vendor have been fined a total of S$68,000 after the vendor’s server was hacked, leading to customer data being put up for sale on a dark web forum in 2021.

More than 150,000 patients of Fullerton Health as well as employees of its corporate clients were impacted by the breach.

The affected data included identity numbers, telephone numbers, financial details like bank account numbers and codes, as well as health information.

Fullerton Health was fined S$58,000, while Agape Connecting People Holdings – a social enterprise that helped to make appointments for patients of Fullerton Health – was fined S$10,000.

In a written judgment released on Thursday (Jun 22), the Personal Data Protection Commission (PDPC) found that Fullerton Health had made the situation worse by inadvertently disclosing personal data to Agape that the vendor did not require.

The healthcare provider was also ultimately responsible for exercising due diligence and reasonable supervision over Agape, added the PDPC.