Personal details of Fullerton Health customers were stolen by hackers and leaked online, after a vendor of the private healthcare group suffered a breach earlier this month.
The hackers claimed they managed to steal the data of some 400,000 people, including the insurance policy details of Singaporeans and also had personal details of children, according to a report by The Straits Times. A sample of the data uploaded by the unidentified hackers included customer names and identity card numbers, as well as information about bank accounts, employers and medical history.
Further, the Straits Times reported that the data was put up for sale on hacking forums from October 11, and could be bought for US$600 (S$810) in Bitcoin. However, checks by The Straits Times showed that the hackers took down the posts on the data sale on October 22.
A sample document shared by the hackers bore the letterheads of Fullerton Health and Singapore Airlines. The breach was of a server used by Agape Connecting People, a social enterprise that provides contact centre services. Agape was engaged as a vendor to handle bookings by Fullerton Health customers.
The medical service provider discovered the breach shortly before informing Agape on October 19, the Straits Times report said. Both entities have lodged police reports, and the Personal Data Protection Commission has been informed. Investigations are ongoing.
Fullerton Health, which specialises in designing customised medical services for corporate and insurer clients, said the breach involved only data of patients from its Singapore operations. It has engaged cyber-security experts to work with Agape to prevent such an incident from happening again.
Agape said its system was isolated and suspended immediately once the breach was discovered, and that no credit card or password information was exposed. “We are in the process of confirming that no other clients of Agape Connecting People were affected,” it added. “We regret this incident has caused inconvenience to our client and its customers.”
Fullerton Health is one of the private healthcare providers involved in Singapore’s national vaccination programme. Last week personal details of some 40,000 job applicants have been leaked online, following a cyber attack on Protemps Employment Services, an employment agency.
Recently, Singapore launched the Cybersecurity Toolkits for Enterprises and new SG Cyber Safe Partnership Programme, which is one of the major initiatives under Cyber Security Agency of Singapore (CSA’s) Safer Cyberspace Masterplan.