Singaporean firms fined 1 million SGD for data leak

Singapore's Personal Data Protection Commission (PDPC) announced on January 15 that two companies which involved in the worst data leak in the city-state’s history were fined 1 million SGD (some 740,000 USD) in total.
Hanoi (VNA) - Singapore's Personal Data Protection Commission (PDPC) announced on January 15 that two companies which involved in the worst data leak in the city-state’s history were fined 1 million SGD (some 740,000 USD) in total.

The Integrated Health Information Systems Pte Ltd ("IHiS") and Singapore Health Services Pte Ltd ("SingHealth") were fined for breaching their data protection obligations under the Personal Data Protection Act (PDPA), according to a press release issued by PDPC.

SingHealth's patient database system suffered cyberattack in mid 2018, which led to the disclosure of personal information of 1.5 million patients, including Singaporean Prime Minister Lee Hsien Loong.

PDPC found that IHiS, which was assigned by SingHealth to operate its patient database system, had failed to take adequate security measures to protect the personal data in its possession and thus has imposed a financial penalty of 750,000 SGD (around 556,000 USD).

Meanwhile, a financial penalty of 250,000 SGD was also imposed on SingHealth as the owner of the patient database system.

In a statement released on the same day, SingHealth's CEO Ivy Ng apologised to patients and accepted the fine. The company is making changes to enhance its  cyber-security governance structures and improve management oversight of its critical systems, she said.

SingHeath is the largest healthcare group in Singapore. Founded in 2000, it comprises four public hospitals and five national specialty centers.-VNA
VNA

See more