SINGAPORE: Fullerton Health has lodged a police report after its vendor's server was hacked, exposing the personal data of some customers in Singapore.
The vendor, Agape Connecting People Holdings, helps to make appointments for patients of Fullerton Health, said the healthcare provider on Monday (Oct 25).
"Fullerton Health confirms that its own IT network, systems and databases have not been accessed or breached," it added.
In a statement, Agape said it discovered on Oct 19 that client information was compromised due to "unauthorised access by a malicious third party".
Customer data that may have been compromised was limited to name and contact details, said the company, adding that no credit card information and passwords were exposed.
"The incident appears to have been contained to our client Fullerton Healthcare," it said.
"The intrusion was identified and we acted immediately to prevent further compromise. The system was isolated and suspended. None of our core infrastructure has been compromised."
In response to CNA's queries, Fullerton Health said it has notified customers known to be affected in Singapore.
"Investigations are still ongoing to ascertain the precise number and identity of affected individuals. Fullerton Health has ascertained that the breach involved data of its patients in Singapore operations," said the healthcare provider, adding that its non-Singapore operations are not affected by the breach.
"The company has also engaged digital forensic and cybersecurity experts to assist in investigations and to work with Agape to determine the causes of the incident, and the remedial actions to prevent a recurrence," it added.
Agape, a social enterprise, said it has taken steps to prevent further compromise of data and is working with security experts on the matter.
"We regret (that) this incident has caused inconvenience to our client and their customers," it added.
The police and the Personal Data Protection Commission said they are investigating the incident.