
Security breach involving details of organ pledgers worrisome: Cybersecurity analyst

KUALA LUMPUR: A cybersecurity analyst said the security breach involving details of organ pledgers is worrisome because the database operator was either unaware of the breach or had kept quiet about it.

InfoWatch Group’s analyst Sergey Khayruk also stressed that the information appeared to have been retrieved from a central database rather than local healthcare servers, which meant the leak was the fault of the cybersecurity team.

He was commenting on the breach involving 220,000 organ donors and their next-of-kin that was exposed by Lowyat.net.

“First, the investigation revealed that the leak occurred almost 18 months ago, but the database operator either didn’t know or kept quiet about it all that time.

“Second, it looks like information was retrieved from a central database rather than local healthcare servers. This means that the leak happened through the fault of those who were supposed to always be on the look-out and act as a cybersecurity guru for the entire Malaysian healthcare community,” he said, adding that medical data was sensitive personal information that required exceptional protection.

The expert, who emailed his comments to the New Straits Times, said that “according to the preliminary findings of InfoWatch Analytical Centre, the healthcare sector suffered 10 per cent fewer data leaks in 2017 (YoY) and almost halved the volume of personal data being compromised.”

“However, it is the US's outstanding performance that almost solely contributed to the reduction in the number of incidents on a global scale. The US healthcare sector now treats patient data much more carefully, with some large hospitals having implemented cutting-edge cybersecurity systems,” he said.

It was reported on Tuesday that personal details of pledgers and their next of kin, such as MyKad numbers, home addresses and telephone numbers, had been leaked online since September 2016.

The report on the latest data leak revealed that the actual number of records leaked was 440,000 as the leaked data also included personal details of the organ donors' next of kin.

It said the leaked files, updated up to Aug 31, 2016, included details from government hospitals as well as the National Transplant Resource Centres across Malaysia.

However, it added, the data dump from January 2009 to August 2016 carried complete personal details of 220,000 organ donors and their next of kin.

The report said the file dump included a yearly breakdown of demographic data of the organ pledgers by sex, race, origin, types of organs, as well as age groups.

The same website earlier reported that the personal data of 46 million Malaysian telco users were being sold online.
