Even after conducting due diligence on their third-party suppliers, businesses still face risks of supply chain attacks, as the new incident shows.
Another breach was reported in Singapore, which affected patients of Fullerton Health. The incident, which was detected on October 19, affected only the vendor Agape Connecting People, a platform for booking appointments.
The attack appeared to affect only Fullerton Health. No IT systems or databases of the healthcare services provider were affected by the breach, it said in a report with both the police and Personal Data Protection Commission in Singapore.
Agape is a social enterprise that provides employment for the disadvantaged, such as inmates, ex-offenders, physically disabled, and single mothers. It has a capacity of 250 seats and aims to support 1,000 disadvantaged individuals by 2022.
The vendor noted that it detected an intrusion on October 19, and then immediately suspended the use of the system.
“None of our core infrastructure has been compromised,” it said, and added that at this time, the breach appears to be limited to Fullerton Health. However, Agape noted that it was still in the process of confirming this.
On October 21, the company notified its customers that their personal data might have been compromised after an unauthorized party gained access to a server used for servicing Agape.
Details such as names, addresses, phone numbers, and bank account details in “a few cases” reportedly leaked from the database of Fullerton Health. The company noted that the incident did not involve credit or debit cards or passwords.
Fullerton Health is still working to identify the individuals affected by the incident. Currently, Agape is working with cybersecurity experts to implement “mitigating action” to minimize the impact of the attack.
“We are conducting a thorough review of our processes and protocols relating to data security and the use of third-party service providers to further strengthen our information security,” Fullerton Health said.
Data relating to COVID-19 vaccinations carried out at its vaccination centres were not compromised, as it is stored on a separate system.