Singapore HIV registry data leaked online in health breach

Henrietta Brewer
January 29, 2019

A person found guilty of the wrongful possession, communication or use of confidential data can be fined up to $2,000, and jailed up to two years.

The MOH said the information was in the possession of a US citizen named Mikhy K Farrera Brochez, who had been remanded to prison in Singapore in 2016, convicted of numerous fraud and drug-related offenses.

That's when Brochez was deported, after serving a 28-month prison sentence on "numerous fraud and drug-related offences". A workstation specifically configured and locked down to prevent unauthorised information removal was designated for the processing of sensitive information from the HIV Registry.

An American man has leaked the confidential data of 14,200 people diagnosed with HIV in Singapore, the city-state's health ministry said on Monday.

As the head of MOH's National Public Health Unit from March 2012 to May 2013, Ler could access information in the HIV Registry for his work purposes.

The leak comes just months after Singapore revealed the worst cyberattack in its history after hackers infiltrated the government health database.

The HIV-positive status of 14,200 people in Singapore, as well as their identification numbers and contact details, has been leaked online, authorities in the southeast Asian city state said Monday.

He added: "I also understand the concerns, the anxiety and distress faced by our affected patients and our priority is their well-being".

Authorities said they learned in 2016 Brochez possessed the sensitive information and raided his residence where they believed all the information had been retrieved.

"We are working with relevant parties to scan the Internet for signs of further disclosure of the information", it said, adding that Brochez now was under police investigation and local authorities were seeking assistance from their foreign counterparts.

Since 2016, it noted, additional safeguards against mishandling of information by authorised staff have been put in place, including a two-person approval process to download and decrypt information.

Mr Gan said his ministry will continue to strengthen and review its system to ensure that it is secured. "Police will not hesitate to take stern action, including prosecution, against those who have breached the OSA", said a spokesman.

Meanwhile, Ler was charged in 2016 under the Penal Code and Official Secrets Act (OSA).

In September past year, he was convicted of abetting Brochez to commit cheating, and also of providing false information to the Police and MOH.

"We are working with relevant parties to scan the internet for signs of further disclosure of the information". The records were stolen sometime before 2016, but released after Brochez was deported from Singapore. He was sentenced to 24 months in jail but has since filed an appeal which will be heard in March.

It was only on January 22 this year that the ministry was alerted to the possibility more information from the HIV registry remained in the hands of Brochez who, this time, had leaked the information online.

Other reports by iNewsToday