A part of the Singapore Red Cross' (SRC) website was hacked and affected personal data of 4297 people, said the authority on Thursday, May 16.
The organization said that the web development team informed SRC about the data breach on Wednesday, May 15. The team told the organization about the unauthorised access to a part of SRC's website that supports the recruitment of interested blood donors.
The SRC informed people about the hack while stating that "the following information of 4297 individuals who had registered their interest on the website was compromised: Name, contact number, email, declared blood type, preferred appointment date/time and preferred location for blood donations."
The organization confirmed that apart from the mentioned section, no other information was affected by the cyber attack. It also added that other databases were unaffected and the systems at Health Sciences Authority (HSA) were not compromised.
After SRC came to know about the cybersecurity incident, they made a police complaint on Wednesday and reported the cyber-attack event to Personal Data Protection Commission and HSA.
While explaining the incident, SRC stated that a weak administrator password could have left the website vulnerable but the police are currently investigating the incident to determine how it happened.
The organization also said, "There were measures in place to guard against unauthorised access of the website," adding that after this attack, the investigation is expected to determine the nature of the unauthorised access.
SRC stated that it had disconnected the affected website from the Internet and replaced it with a temporary webpage with required links to relevant websites. Once the security checks are completed, the original site will be reinstated.
Past attacks on health sector websites
This is not the first case where cyber criminals attacked the healthcare sector. In April Health Sciences Authority's (HSA), Secur Solutions Group (SSG) was accused of mishandling the data of more than 800,000 blood donors and SSG stated that the information, including names and NRIC numbers which were revealed online, was accessed illegally and probably extracted.
SingHealth faced the most serious cyber breach of personal data between June and July 2018. This cyber attack affected 1.5 million SingHealth patients' records, which were accessed and copied. The reports stated that 160,000 of those patient's medicine records were accessed, which also included medical records of Prime Minister Lee Hsien Loong.
A recently publish cyber attack report also showed that for the cybercriminals, the healthcare sector is one of the favourite areas. Recently, Office of the Australian Information Commissioner (OAIC) has released the quarterly data breach report, where they revealed how hackers are targetting the victims in Australia.
The report showed what kind of personal information was involved in the data breached and the result revealed that the hackers mainly targetted people to gain contact details and the financial and identity information. It also revealed that the authority noticed 29 percent of the data breach cases involving health information.