Local human rights advocacy group, MARUAH, has criticised the Ministry of Health for the lack of transparency in how it handled the HIV Registry data leak, which affected 14,200 patients diagnosed with HIV and 2,400 individuals who had contact with these 14,200 patients.
The confidential information of these patients (like names, NRIC numbers, HIV status, medical records, addresses and phone numbers) were stolen from the HIV Registry by a foreigner who gained access to the server through his boyfriend, a medical doctor. Before the authorities recovered all the information, the foreigner was deported from Singapore.
Although MOH knew that the foreigner illegally possessed the stolen information in 2016 and apparently seized the information from him, they did not inform the public of this discovery.
In 2018, MOH found that the foreigner still had the records despite police action. Again, it did not inform the public of this discovery. This month, MOH found that the foreigner was in illegal possession of more records and that he had disclosed the records online.
In a press statement released today, MARUAH said that it was “deeply troubled” by the “reprehensible” HIV Registry data theft and asked the authorities to handle such incidents with transparency and accountability:
“MARUAH is deeply troubled by the recent HIV data leak. We strongly condemn the leak, which violates the right to privacy of persons with HIV and is a reprehensible act. We stand in solidarity with those affected, and encourage the public to respond with empathy and compassion.
“We call on the government to step up public education efforts, so that this incident does not affect the willingness of at-risk persons to get tested or access help. We also believe the government should introduce anti-discrimination legislation, so that persons with HIV need not live in fear of the stigma damaging their lives and careers.
“The handling of the data leak also lacks transparency. The government did not contact and inform all the affected individuals when the leak was discovered in 2016. This, and the fact that the government did not disclose the leak to the public until forced to by events, risks undermining confidence in the protection of patient confidentiality.
“Such incidents need to be handled with transparency and accountability, for Singaporeans to trust that our personal data is being protected.”