SINGAPORE: Farrer Park Hospital has been fined S$58,000 over a data breach that led to the confidential medical information of almost 2,000 people being automatically forwarded to a third party.
Farrer Park Hospital claimed that none of the data was misused, but the PDPC did not accept this as a factor in reducing the penalty.A total of 9,271 emails had been automatically forwarded from two Farrer Park Hospital employees' Microsoft Office 365 work email accounts to a third party’s email address.
When the first instance of data breach happened in March 2018, the hospital had not implemented multi-factor authentication, which required staff to key in a one-time password sent to their registered mobile number when accessing their work email accounts from a new device. The PDPC found that the hospital failed to implement reasonable security arrangements to protect the leaked personal data from the risk of unauthorised access and disclosure.
“However, there must be no doubt that failure to make reasonable assessment of the risks from email auto-forwarding within an organisation is breach of the Protection Obligation that would, in future cases, be met with the appropriate enforcement action,” the commission added.After the breach came to light, the hospital took immediate remedial actions and fully cooperated during investigations.
Health Health Latest News, Health Health Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: ChannelNewsAsia - 🏆 6. / 66 Read more »