The names and NRIC numbers of more than 800,000 blood donors recorded in Singapore since 1986 were among personal information that was improperly put online by a Health Sciences Authority (HSA) vendor for more than two months.
Disclosing this breach, the third healthcare-related IT incident in as many months, the HSA said access to the unsecured database was cut off soon after the discovery.
Preliminary findings suggest there was only one instance of external access - by a foreign cyber-security expert who discovered the vulnerability on Tuesday and alerted the authorities to it a day later, it added.
The HSA also said its centralised blood bank system is not affected, and that it will step up checks and monitoring of vendors. Chief executive Mimi Choong said she was "deeply sorry" for the lapse and reassured donors the confidentiality of their information was top priority.
SEE TOP OF THE NEWS