Data of 14,200 HIV patients in Singapore leaked

Faith Castro
January 29, 2019

The Health Ministry had become aware in May 2016 that Brochez was in possession of confidential information that appeared to be from the country's HIV Registry. New safety measures include a two-person approval process to either download or decrypt information from the HIV Registry.

The information relates to 14,200 individuals who were diagnosed with HIV up to January 2013.

Last week, Brochez disclosed online the personal information including the names, ID numbers, phone numbers and addresses of 5,400 Singaporeans diagnosed with HIV up to January 2013 and 8,800 foreigners diagnosed up to December 2011.

Authorities were contacting people who might have been affected by the leak and more 900 had been approached so far, local media reported.

"We are sorry for the anxiety and distress caused by this incident", the statement said.

Over the next six days, the Ministry lodged a police report, worked to disable access to the information, contacted affected individuals and finally informed the public. He has since been deported from Singapore and remains outside its shorelines.

Singapore's Ministry of Health said in a statement Monday that confidential data from its HIV registry had been illegally accessed and leaked by Mikhy K Farrera Brochez, a U.S. citizen residing in Singapore on an employment pass.

The latest breach, while not due to a cyber attack, comes after Singapore's worst cyber attack in 2018.

Last year, Singapore revealed that personal information of about 1.5 million people including the prime minister was stolen after hackers infiltrated the government health database.

More news: Measles outbreak grows in northwest USA , 31 cases reported

Ler had drawn blood from his left arm earlier that day and labelled the test tube with Farrera-Brochez's particulars.

MOH stressed that it will continue to regularly review its systems to ensure they remain secure and that the necessary safeguards are in place. Health Minister Gan Kim Yong apologised for the leak. "We will extend whatever assistance and support that we can for them".

In a statement, the health ministry blamed Ler for the breach, accusing him of not complying with the policies regarding the handling of confidential data. Those with information or concerns can call the MOH hotline on 6325-9220.

Singapore-based advocacy group Action for AIDS said the case has the "potential of damaging the lives of persons living with HIV and their loved ones".

March 2012 - May 2013: Ler was head of the Health Ministry's National Public Health Unit and had access to the HIV Registry.

Through Ler, MOH said, Brochez had access to the HIV Registry and copied records from it.

Ler was charged in court in June 2016 for offences under the Penal Code and the Official Secrets Act (OSA). The records were stolen sometime before 2016, but released after Brochez was deported from Singapore. At the time, the records did not appear to have been disclosed publicly. He was convicted in September of abetting Brochez in criminal activity, and sentenced to 24 months' imprisonment.

Jan 23, 2019: MOH made a police report.

"This may have led to an unauthorized person gaining possession of the data and disclosing it online", he said.

Other reports by LeisureTravelAid

Discuss This Article