Third-Party Data Breach In Singapore Hits Healthcare Provider

Fullerton Health said a security incident at its third-party vendor, whose platform supports appointment scheduling, was discovered on October 19 and exposed patients’ personal data, including name and contact information, as well as bank account information.

Another third-party security breach in Singapore has been disclosed, this time impacting Fullerton Health patients and exposing personal data, including bank account details in “a few situations.”

The compromise was originally discovered on October 19 by the impacted vendor Agape Connecting People, whose platform supports appointment booking. It appeared to affect solely Fullerton Health.

What is a data breach?

A data breach occurs when an unauthorized individual gains access to confidential, sensitive, or protected information.

Without authorization, data breach files are accessed and/or disseminated.

Individuals, high-level organizations, and governments are all vulnerable to data breaches.

More significantly, if others are not protected, anybody can endanger others.

How did the breach happen?

A data breach is commonly assumed to be the result of an external hacker, however, this isn’t necessarily the case.

Intentional assaults can sometimes be traced back to the causes of data breaches.

It can, however, be caused by a simple error on the part of employees or weaknesses in a company’s infrastructure.

A data breach can happen in the following ways:

• An Inadvertent Insider. An employee utilizing a coworker’s computer and viewing files without the required authorization permissions is an example. There is no information given, and the access is inadvertent. The data was compromised, however, since it was read by an unauthorized individual.
• An insider with a nefarious agenda. This individual accesses and/or shares data with the objective of inflicting harm to a person or a corporation. The malevolent insider may have genuine permission to access the data, but the goal is to utilize it for bad purposes.
• Devices that have been misplaced or stolen. Anything that carries critical information, such as an unencrypted and unsecured laptop or external hard drive, goes missing.
• Criminals from the outside. These are hackers that acquire information from a network or an individual using a variety of attack methods.

Third-party security compromise

The intrusion had no effect on the healthcare services provider’s own IT systems, network, or databases, according to the company.

It reported the incident to the police as well as the Personal Data Protection Commission, which is responsible for enforcing Singapore’s Personal Data Protection Act.

Agape discovered the attack on October 19 and “acted swiftly” to isolate and disable the system, according to a statement released Monday by the vendor.

“None of our key infrastructures has been touched,” the company claimed, adding that the incident “appears” to have affected just Fullerton Health.

It did say, though, that it was still working on establishing that no additional clients were affected.

According to Fullerton Health, an unauthorized entity obtained access to a server utilized by the social business Agape.

The names, ID numbers, and contact information of patients with whom Agape had arranged appointments were stolen.

Agape runs a call center to employ the unemployed, including convicts, physically challenged people, ex-offenders, and single moms.

By 2022, it hopes to assist 1,000 people who are disadvantaged.

Who are the victims of this breach? 

Although a data breach might occur as a consequence of an unintentional error, serious harm can occur if someone with unauthorized access obtains and sells Personally Identifiable Information (PII) or business intelligence data for financial benefit or to hurt others.

Malicious thieves have a fundamental pattern: they prepare ahead of time to target a company for a data breach.

They do research on their victims to identify weaknesses such as missing or failed upgrades and employee vulnerability to phishing attacks.

Hackers identify a target’s weak areas and devise a campaign to persuade insiders to download malware by accident.

They have been known to go after the network directly on occasion.

Once inside, dangerous thieves have complete freedom to look for the information they desire – and plenty of time to do so, as the typical breach takes over five months to identify.

With 89 occurrences recorded in 2020, compared to 35 in 2019, the number of reported ransomware assaults increased by 154 percent.

Small and midsize companies (SMBs) in a variety of industries, including manufacturing, retail, and healthcare, were most impacted.

What are the consequences of this breach? 

In many circumstances, data breaches cannot be remedied simply by changing passwords.

A data breach may have long-term consequences for your reputation, money, and more.

For businesses, a data breach can be extremely damaging to their reputation as well as their financial bottom line.

A data breach has affected companies such as Equifax, Target, and Yahoo, to name a few.

Many people currently associate/remember such organizations for the data breach issue rather than their real company activities.

For government agencies, a breach of data might result in the disclosure of extremely sensitive information to foreign parties.

Military activities, political negotiations, and information about critical national infrastructure may all be dangerous to a country and its inhabitants.

Individuals are at risk of identity theft as a result of data breaches.

Everything from social security numbers to financial information might be exposed as a result of data dumps.

Once a criminal acquires your personal information, they may commit any sort of fraud in your name.

Identity theft may wreck your credit and get you in legal trouble, and it’s tough to recover from.

To wrap things up

The recent security incident at SingHealth, which exposed the personal information of 1.5 million individuals, including Prime Minister Lee Hsien Loong and Defence Minister Ng Eng Hen, has highlighted the significance of bolstering security safeguards for such devices used by remote employees.