Medical records and contact information belonging to 14,200 HIV-positive patients in Singapore have been leaked online according to the country’s Ministry of Health (MOH).
Stated by the Singapore Ministry of Health (MOH), a U.S. citizen named Mikhy K Farrera Brochez was in possession of this confidential information with the help of a Singaporean doctor, Ler Teck Siang, who was formerly head of MOH’s National Public Health Unit.
Brochez had illegally accessed the data using Siang’s authorized access to data in the local HIV registry. The database contains information related to HIV-positive individuals and is used to monitor the country’s HIV infection status, facilitate contact tracing, and assess disease prevention measures.
“The information has been illegally disclosed online,” MOH said. “We have worked with the relevant parties to disable access to the information.”
This online exposure demonstrates the importance of taking steps to safeguard sensitive patient information.
The affected individuals included 5,400 Singaporeans and 8,800 foreigners who had been diagnosed with HIV up to January 2013 and December 2011. Their name, identification number, contact details including phone and address, as well as HIV test results and related medical information had been leaked, the ministry said. The name, identification number, phone number, and address of 2,400 identified–up to May 2007–as part of a contact tracing process also had been exposed.
Singapore’s Action for AIDS said it was “deeply troubled” as the breach could “damage” the lives of individuals living with HIV. “We stand with all whose private information may have been accessed and violated. This is a criminal act that should be condemned and answered in the most severe terms possible,” they said in a statement on Monday.
Lack of Cybersecurity Awareness
The most severe data breach to date in Singapore was on July 2018 when personal data of 1.5 million SingHealth patients was compromised due to the result of misconfigured IT systems along with an IT staff who lacked cybersecurity awareness and resources. Organizations handling especially sensitive information should consider using behavioral analytics to monitor and detect when data is accessed or is being inappropriately used.