From the Privacy and Data Protection Commission of Singapore, there’s an update to a breach that was previously disclosed in October 2021:
A financial penalty of $58,000 and $10,000 was imposed on Fullerton Healthcare and Agape CP Holdings respectively for failing to put in place reasonable security arrangements to protect personal data belonging to Fullerton Healthcare’s corporate clients and direct patients. Directions were also issued to both organisations to review and enhance processes relating to data handling processes, security audits and access controls to bolster their data protection arrangements.
Details of the 2021 breach that resulted in data being sold on a marketplace are included in the regulator’s decision. It reports that the breach involved Agape’s Online Drive and not FHG’s system. The personal data of 156,900 FHG customers (133,866 direct patients and 23,034 employees of FHG’s corporate clients) was accessed without authorization in the Incident, although the exact volume of exfiltrated personal data was unknown.
For more details and discussion of the relevant laws, read the decision.