Singapore health ministry in hot water over massive HIV data breach

Personal details of over 16,000 people have been compromised.

Singapore’s Ministry of Health (MOH) is facing global scrutiny following a large-scale data breach which saw the confidential information of over 16,000 HIV-positive individuals accessed and leaked online.

The information included the names, identification number, contact details, HIV test results and related medical information of 14,200 HIV-positive individuals, both Singaporean and foreigners, diagnosed up to January 2013. The details of 2,400 individuals identified through contact tracing up to May 2007 were also leaked.

Also read: New data platform accelerates development of healthcare applications to manage world's most critical information

“The information has been illegally disclosed online,” the MOH admitted in a press release, adding that the breach only came to its attention after the agency was alerted by the police. “We have worked with the relevant parties to disable access to the information.”

The information was illegally accessed and leaked by one Mikhy K Farrera Brochez, a US citizen who was residing in Singapore on an employment pass, between January 2008 and June 2016.

In March 2017, he was sentenced to 28 months imprisonment for a string of offences, including lying about his HIV status to the Ministry of Manpower (MOM). He has since been deported and remains at large.

Also read: Japan banks on big data solutions to keep healthcare costs in check

Brochez was a partner of Ler Teck Siang, the Head of MOH’s National Public Health Unit (NPHU) from March 2012 to May 2013. Ler had authority to access information in the HIV Registry as required for his work.

The HIV data breach is believed to have arisen from the mishandling of information by Ler, who is suspected of not having complied with the policies and guidelines on the handling of confidential information.

The fiasco comes hot on the heels of the July 2018 data breach involving the personal information of 1.5 million SingHealth patients.

“We are sorry for the anxiety and distress caused by this incident. We appeal to members of the public to notify MOH immediately should they come across information related to this incident, and not further share it. Members of the public who have such information or other concerns can contact our hotline at 6325 9220,” the MOH stated.