Government to review data management after more security breaches found

The Smart Nation and Digital Government Office (SNDGG) is currently reviewing the Government’s management of data, revealed a spokesperson to the media. This comes after it was revealed last week that personal particulars of over 800,000 blood donors in Singapore was leaked on the Internet in January due to mishandling of data by a vendor of the Health Sciences Authority.

SNDGG told the Channel NewsAsia that it is conducting a “deeper investigation” into the incident in hopes of identifying measures that need to be implemented, and the assistance that the Health Sciences Authority will require to rectify the situation.

Meanwhile, last week Russian cybersecurity company Group-IB also alerted the government that login details from key government agencies such as the Ministry of Education, Ministry of Health, Singapore Police Force, and the National University of Singapore were being put up for sale on the dark web. A spokesman from SNDGG confirmed the incident to numerous news outlets stating that the email addresses and passwords provided by individuals were compromised. It added that only 119 accounts were active out of the 50,000 accounts breached. The statement added that as an immediate precautionary measure, "all officers with affected credentials have changed their passwords".

The local government has had several lapses of data breaches in recent times.

In January, confidential information of over 14,000 HIV patients was leaked online by an "unauthorised person", according to Ministry of Health. The perpetrator was later found to be Mikhy K Farrera Brochez, the partner of the ministry's National Public Health Unit former head.

Last year, the government saw the major cyberattack in July that infiltrated over 1.5 million patient personal particulars and outpatient dispensed medicines in the SingHealth database. According to a joint press release from the Ministry of Communications and Information and Ministry of Health, information on approximately 160,000 outpatient dispensed medicines were retrieved. However, it was not tampered with. In September 2018, The Committee of Inquiry called for the general public to provide recommendations on ways to handle cybersecurity attacks following the SingHealth data breach.