HSA
Company Details
Linkedin ID:
health-sciences-authority
Website:
Employees number:
786
Number of followers:
15,707
NAICS:
92219
Industry Type:
Homepage:
hsa.gov.sg
IP Addresses:
0
Company ID:
HEA_1253182
Scan Status:
In-progress
Health Sciences Authority Company CyberSecurity Posture
hsa.gov.sg
The Health Sciences Authority (HSA) applies medical, pharmaceutical and scientific expertise through its three professional groups, Health Products Regulation, Blood Services and Applied Sciences, to protect and advance national health and safety. HSA is a multidisciplinary authority. It serves as the national regulator for health products, ensuring they are wisely regulated to meet standards of safety, quality and efficacy. As the national blood service, it is responsible for providing a safe and adequate blood supply. It also applies specialised scientific, forensic, investigative and analytical capabilities in serving the administration of justice.
Health Sciences Authority A.I CyberSecurity Scoring
HSA Risk Score (AI oriented)Between 750 and 799
HSA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
HSA Global Score (TPRM)XXXX
HSA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
HSA Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Health Sciences Authority
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The personal information of more than 800,000 people who have donated or registered to donate blood in Singapore since 1986 was improperly put online by the Health Sciences Authority (HSA). HSA said its preliminary findings indicate that there was only one instance of external access - by a cyber security expert who alerted the Personal Data Protection Commission to it a day later. It immediately took steps to verify that no sensitive medical or contact information was contained in the database. HSA added that the cyber security consultant who accessed the data had told them he did not intend to disclose it and worked with the agency to delete the information.
HSA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for HSA
Incidents vs Public Safety Industry Average (This Year)
No incidents recorded for Health Sciences Authority in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Health Sciences Authority in 2025.
Incident Types HSA vs Public Safety Industry Avg (This Year)
No incidents recorded for Health Sciences Authority in 2025.
Incident History — HSA (X = Date, Y = Severity)
HSA cyber incidents detection timeline including parent company and subsidiaries
HSA Company Subsidiaries
The Health Sciences Authority (HSA) applies medical, pharmaceutical and scientific expertise through its three professional groups, Health Products Regulation, Blood Services and Applied Sciences, to protect and advance national health and safety. HSA is a multidisciplinary authority. It serves as the national regulator for health products, ensuring they are wisely regulated to meet standards of safety, quality and efficacy. As the national blood service, it is responsible for providing a safe and adequate blood supply. It also applies specialised scientific, forensic, investigative and analytical capabilities in serving the administration of justice.
Loading...
HSA Similar Companies
DEKRA
For 100 years, DEKRA has been a trusted name in safety. Founded in 1925 with the original goal of improving road safety through vehicle inspections, DEKRA has grown to become the world's largest independent, non-listed expert organization in the field of testing, inspection, and certification. Today
TÜV Rheinland Group
Neutral, independent third party For more than 150 years, TÜV Rheinland has stood for ensuring quality, safety, and efficiency in conjunction with people, the environment, and technology. As a neutral, independent third party, we test, accompany, develop, promote and certify products, plants, proc
GNR - Guarda Nacional Republicana
A Guarda Nacional Republicana é uma força de segurança de natureza militar, que tem por missão, no âmbito dos sistemas nacionais de segurança e proteção, assegurar a legalidade democrática, garantir a segurança interna e os direitos dos cidadãos, bem como colaborar na execução da polít
TÜV SÜD
TÜV SÜD is the trusted partner of choice for safety, security and sustainability solutions. Our community of experts is passionate about technology and united by the belief that technology should better people’s lives. We work alongside our customers to anticipate and capitalize on technological d
DNV is the independent expert in risk management and assurance, operating in more than 100 countries. Through its broad experience and deep expertise DNV advances safety and sustainable performance, sets industry benchmarks, and inspires and invents solutions. Whether assessing a new ship design,
.png)
HSA CyberSecurity News
October 24, 2025 07:00 AM
Pfizer and BioNTech Receive Health Sciences Authority Approval for SARS-CoV-2 Sublineage LP.8.1-Adapted Monovalent COVID-19 Vaccine in Singapore
Pfizer Singapore and BioNTech SE (Nasdaq: BNTX, "BioNTech") today announced that the Health Sciences Authority has approved the companies'...
October 06, 2025 07:00 AM
Asia-Pacific Roundup: HSA partners with trade group to support Singapore’s medtech industry
The Health Sciences Authority (HSA) has partnered with a trade group to provide early regulatory consultations and other support to...
September 30, 2025 07:00 AM
Singapore: The HSA updates its regulatory guidance on the therapeutic product advertising regulations to include disease awareness campaigns
On 20 August 2025, the Health Sciences Authority (HSA) uploaded a revised version of its Explanatory Guidance to the Health Products...
August 02, 2025 07:00 AM
"HSA is adopting a forward-looking 5P Strategy to tackle challenges”
Adjunct Professor (Dr) Raymond Chua, who stepped into his role as CEO of Singapore's Health Sciences Authority (HSA) in December 2024,...
July 13, 2025 07:00 AM
Wikipedia’s List Of The Largest Data Breaches Globally Since 2004
Compilation of cyberattacks by organization type and number of records compromised.
April 05, 2025 07:00 AM
Singapore: Health Sciences Authority launches public consultation on the Best Practices Guide for Medical Device Cybersecurity
In brief. On 10 March 2025, the Health Sciences Authority (HSA) launched its public consultation for the draft on the Best Practices Guide...
March 17, 2025 07:00 AM
Asia-Pacific Roundup: Singapore’s HSA seeks feedback on medical device cybersecurity best practices
Asia-Pacific Roundup: Singapore's HSA seeks feedback on medical device cybersecurity best practices ... Singapore's Health Sciences Authority (HSA)...
March 14, 2025 07:00 AM
Singapore: Health Sciences Authority launches public consultation on the Best Practices Guide for Medical Device Cybersecurity
The document provides medical device manufacturers and healthcare providers with best practice recommendations and considerations on general...
January 27, 2025 08:00 AM
Singapore: Health Sciences Authority issues alert on adulterated and counterfeit health products
On 23 December 2024, the Health Sciences Authority (HSA) issued an alert to members of the public not to purchase or consume two products.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
HSA CyberSecurity History Information
Official Website of Health Sciences Authority
The official website of Health Sciences Authority is http://www.hsa.gov.sg.
Health Sciences Authority’s AI-Generated Cybersecurity Score
According to Rankiteo, Health Sciences Authority’s AI-generated cybersecurity score is 764, reflecting their Fair security posture.
How many security badges does Health Sciences Authority’ have ?
According to Rankiteo, Health Sciences Authority currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Health Sciences Authority have SOC 2 Type 1 certification ?
According to Rankiteo, Health Sciences Authority is not certified under SOC 2 Type 1.
Does Health Sciences Authority have SOC 2 Type 2 certification ?
According to Rankiteo, Health Sciences Authority does not hold a SOC 2 Type 2 certification.
Does Health Sciences Authority comply with GDPR ?
According to Rankiteo, Health Sciences Authority is not listed as GDPR compliant.
Does Health Sciences Authority have PCI DSS certification ?
According to Rankiteo, Health Sciences Authority does not currently maintain PCI DSS compliance.
Does Health Sciences Authority comply with HIPAA ?
According to Rankiteo, Health Sciences Authority is not compliant with HIPAA regulations.
Does Health Sciences Authority have ISO 27001 certification ?
According to Rankiteo,Health Sciences Authority is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Health Sciences Authority
Health Sciences Authority operates primarily in the Public Safety industry.
Number of Employees at Health Sciences Authority
Health Sciences Authority employs approximately 786 people worldwide.
Subsidiaries Owned by Health Sciences Authority
Health Sciences Authority presently has no subsidiaries across any sectors.
Health Sciences Authority’s LinkedIn Followers
Health Sciences Authority’s official LinkedIn profile has approximately 15,707 followers.
NAICS Classification of Health Sciences Authority
Health Sciences Authority is classified under the NAICS code 92219, which corresponds to Other Justice, Public Order, and Safety Activities.
Health Sciences Authority’s Presence on Crunchbase
No, Health Sciences Authority does not have a profile on Crunchbase.
Health Sciences Authority’s Presence on LinkedIn
Yes, Health Sciences Authority maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/health-sciences-authority.
Cybersecurity Incidents Involving Health Sciences Authority
As of December 04, 2025, Rankiteo reports that Health Sciences Authority has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Health Sciences Authority has an estimated 2,038 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Health Sciences Authority ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.
How does Health Sciences Authority detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with verified no sensitive medical or contact information was contained in the database..
Incident Details
Can you provide details on each incident ?
Title: HSA Blood Donor Data Breach
Description: The personal information of more than 800,000 people who have donated or registered to donate blood in Singapore since 1986 was improperly put online by the Health Sciences Authority (HSA).
Type: Data Breach
Attack Vector: Improper Data Exposure
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach HEA15589323
Data Compromised: Personal information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information.
Which entities were affected by each incident ?
Incident : Data Breach HEA15589323
Entity Name: Health Sciences Authority (HSA)
Entity Type: Government Agency
Industry: Healthcare
Location: Singapore
Customers Affected: 800,000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach HEA15589323
Containment Measures: Verified no sensitive medical or contact information was contained in the database
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach HEA15589323
Type of Data Compromised: Personal Information
Number of Records Exposed: 800,000
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by verified no sensitive medical or contact information was contained in the database.
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Verified no sensitive medical or contact information was contained in the database.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Personal Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 800.0K.
.png)
Latest Global CVEs (Not Company-Specific)
Description
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.
Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
Description
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
Description
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.
Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=health-sciences-authority' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
