On 28 Jan 2019, the Ministry Of Health (MOH) publicly admitted that the confidential information of 14,200 people had been leaked online by an unauthorised individual we now know as US citizen Mikhy Farrera Brochez. The leaked data contained names, identification numbers, contact details and most critically, their HIV – positive status. Under the Infectious Diseases Act of 1976, the HIV registry was maintained to monitor the infection so as to assess and manage the spread of the disease.
Brochez had obtained the registry through his partner, Ler Teck Siang, who was the head of the National Public Health Unit from 2012 to 2013. Brochez was also jailed for 28 months in 2016 for faking his HIV status to appear negative in order to gain an employment pass into Singapore. He was subsequently deported in April 2018.
What’s the mess?
As details surfaced, Brochez came out with allegations of police abuse mistreatment during his jail sentence. Such allegations were denied, with a statement released by the Singapore Police Force and Singapore Prisons stating that “His actions have shown him to be a pathological liar”. In light of the investigation, it has been revealed that Brochez has had a history of falsifying his credentials and his own identity. Brochez has since been arrested on 8 Dec 2018 in Kentucky, US for trespassing into his mother’s house and is to appear before the court on 18 Feb.
What’s the big deal?
In an apology to the victims of the data leak, Health Minister Gan Kim Yong spoke of the incident as a breach of security guidelines and offered sympathy for those who were compromised. However, it should be noted that evidence of the data leak was unveiled as far back as 2016. This is not the first time data breaches have happened in Singapore. In June 2018, a cyberattack on SingHealth resulted in the largest local data breach, compromising the private information of 1.5 million Singaporeans. As more private data is collected and stored by companies and organisations, it has become ever more prudent to lock down and protect this information.