Singapore Red Cross website hacked, over 4000 people’s data compromised

In another cyberattack in Singapore, the personal data of more than 4,000 people has been compromised after part of the Singapore Red Cross' (SRC) website was hacked.

Singapore has been the target of multiple high-profile hacks in recent times, including the theft last year of 1.5 million citizens' health records.

The web developer of SRC had alerted it last Wednesday to an incident of unauthorised access to the part of its website which supports the recruitment of interested blood donors. 

Singapore Red Cross has disconnected the website from Internet access, and replaced it with a temporary webpage with links to relevant websites as a precaution. Photo courtesy: Singapore Red Cross
Singapore Red Cross has disconnected the website from Internet access, and replaced it with a temporary webpage with links to relevant websites as a precaution. Photo courtesy: Singapore Red Cross

The personal details, including names, blood types, and contact numbers of 4,297 potential blood donors were compromised. SRC said its other databases were not compromised, and the Health Sciences Authority’s (HSA) systems were also unaffected by the incident.

SRC made a police report the same day. It also reported the incident to the Personal Data Protection Commission and HSA. Police investigations are ongoing, it added.

A weak administrator password could have left the website vulnerable, said SRC, adding that investigations to determine how the incident happened are ongoing.

Presently, SRC had disconnected the website from Internet access and replaced it with a temporary webpage with links to relevant websites as a precaution. The website will only be reinstated when all security checks have been completed.

Benjamin William, secretary-general and chief executive officer of SRC, said, “Our immediate priority is to ensure affected individuals and partners are notified while working with the relevant parties to restore and strengthen our IT systems, safeguard our data, and mitigate any future risks.”

"SRC has started to contact affected individuals. We apologise to the users of our website whose information may have been affected by this incident,” he added.

This is the latest in a string of cybersecurity incidents to have hit healthcare-related systems in Singapore.

In March, personal information of more than 800,000 blood donors was left exposed on the Internet for nine weeks after the data was mishandled by its vendor.

Similarly, the HIV-positive status of 14,200 people along with their confidential information was leaked online in January this year.

However, the most serious attack was in July last year when hackers gain access to a government database and make off with the records of 1.5 million Singaporeans including Prime Minister Lee Hsien Loong.