Fullerton Healthcare and vendor face fines over data breach as hospital strengthens cybersecurity
A $58,000 penalty was imposed on Fullerton and $10,000 on Agape CP Holdings.
The Personal Data Protection Commission (PDPC) said it fined Fullerton Healthcare Singapore and Agape CP Holdings for "failing to implement security arrangements to protect personal data belonging to Fullerton Healthcare's corporate clients and direct patients."
"Directions were also issued to both organisations to review and enhance processes relating to data handling processes, security audits, and access controls to bolster their data protection arrangements," read the decision.
PDPC said it accepted undertakings from the hospital and its vendor, which enforced remediation plans "that rectified the immediate breach and addressed systemic shortcomings to ensure continual compliance with the PDPA."
In an email to Singapore Business Review, Dr. Walter Lim, managing director of Fullerton Health Singapore, said the hospital has since complied with all the remediation steps set out by PDPC in their final decision.
Fullerton Health also enhanced its cybersecurity posture to successfully obtain the ISO 27001 Information Security Management System Certification, said Lim.
"This is an internationally acknowledged benchmark for best practices in Information Security Management. We continue to take our responsibility for data protection very seriously and remain vigilant in our efforts," he added.