Representative Image
Representative Image

Singaporean companies given severest penalties for data leak

ANI | Updated: Jan 15, 2019 17:17 IST

Singapore, Jan 15 (Xinhua/ANI): Two related companies involved in the worst data leak in Singapore's history were fined 1 million Singapore dollars (about 740,000 U.S. dollars) in total, Singapore's Personal Data Protection Commission (PDPC) announced here Tuesday.
PDPC imposed financial penalties on Integrated Health Information Systems Pte Ltd (IHiS) and Singapore Health Services Pte Ltd (SingHealth) for breaching their data protection obligations under the Personal Data Protection Act (PDPA), according to a press release issued by the PDPC.
SingHealth's patient database system suffered cyberattack in mid-2018, which led to the disclosure of personal information of 1.5 million patients, including Singaporean Prime Minister Lee Hsien Loong.
In investigating the largest data breach case in the country's history, PDPC found that IHiS1 had failed to take adequate security measures to protect the personal data in its possession and thus has imposed a financial penalty of 750,000 Singapore dollars (about 556,000 U.S. dollars).
A financial penalty of 250,000 Singapore dollars has also been imposed on SingHealth as the owner of the patient database system.
PDPC also recognized that both organizations were victims of a skilled and sophisticated threat actor bearing the characteristics of an Advanced Persistent Threat group, using numerous advanced, customized and stealthy tools.
In a statement on Tuesday, SingHealth's CEO Ivy Ng apologized to patients and accepted the PDPC fine.
"We are making changes to enhance our cyber-security governance structures and improve management oversight of our critical systems," she said.
SingHeath is Singapore's largest healthcare group. Founded in 2000, it consists of four public hospitals and five national specialty centers. IHiS was appointed by SingHealth to operate its patient database system. (Xinhua/ANI)