The Department of Health (DH) today (September 20) is investigating an information security incident in which unauthorised promotional SMS messages were sent to patients of the DH's Dental Clinics.
The DH, through its regular monitoring and review of transaction logs, observed abnormal SMS activities of sending unusual SMS messages to the patients of the DH's Dental Clinics through the SMS portal. Subsequent investigations with the service provider maintaining the SMS portal revealed that there had been an unauthorised login to one of the user accounts of the portal on September 14 and promotional SMS messages not related to DH services were sent to some 2 700 patients of the DH's Dental Clinics. According to the preliminary investigation, there was no downloading of personal data involved. The risk of leakage of personal information is likely to be minimal. The SMS account concerned and the DH's SMS services have been suspended until further notice.
The DH has reported the incident to the Police and the Office of the Government Chief Information Officer. A report will also be made to the Office of the Privacy Commissioner for Personal Data later today.
Patients of the DH's Dental Clinics are urged not to respond to any suspicious SMS messages or click on any dubious links received via SMS. Also, if members of the public received an SMS reminder from the Dental Service in the past two weeks and wish to enquire about further details of the incident, they may contact the DH at 2970 5955 during office hours.
The DH attaches great concern to this incident and will step up information security for the portal, with additional security measures to be implemented by the service provider before resumption of the SMS service. The DH has also asked the service provider to submit an investigation report on the incident and will review existing information security measures to avoid the recurrence of similar incidents in future.
Follow this news feed: East Asia