In the past few years, Singapore has built quite a reputation for itself as a world-class tech hub in Asia. Many companies looking for an entrance into the emerging markets in the region have found the city-state to be the best place to start.
As proof of this, 4 out of the 5 top tech companies around the globe now have operations in Singapore with more investments coming in, according to Singapore’s Economic Development Board (EDB). Two years ago, Bloomberg Innovation Index placed Singapore in 6th place, before both the United States and Japan.
China’s tech giants such as Alibaba, Baidu, and Tencent all consider Singapore to be its top investment destination, and American companies Google, Amazon, and Facebook have operations in the country as well.
However, recent cybersecurity breaches have cast a shadow on Singapore’s image as a tech hub.
While the country is still in recovery from last year’s massive cyber attack on the data of its public health system, Singaporeans got another bad shock this week upon learning that the medical records of more than 14,000 HIV patients in the country had also been illegally accessed.
The government pointed to a state-linked group of advanced cyber hackers as the perpetrators of the SingHealth breach, and for the HIV patients information breach, it was an American lecturer whose Singaporean partner, who had been employed at the Health Ministry, who was culpable in obtaining the records.
What was particularly galling about the SingHealth cyberattack is that the information about Prime Minister Lee Hsien Loong had been specifically targeted. PM Lee, age 66, is a cancer survivor.
These grave breaches have tarnished Singapore’s image as a tech hub in the region, and serve as a warning for other nations driven to make data more and more centralized and accessible.
A report from the New York Times asks two important questions: Do the public benefits justify the inherent risks to privacy? And can anyone prevent senior officials from misusing information they have at their fingertips?
Singapore’s Minister of Communication and Information, S. Iswaran, said in parliament that in the interest of national security, the identity of the hackers would not be made public. He also said that data from SingHealth has yet to appear “in any form” in the dark web, the section of the world wide web where criminal activity abounds.
For a country with the motto “Data is the new currency, and with open data, the possibilities are endless!” on its SmartNation portal, the breaches must have caused no small amount of embarrassment to its leaders indeed.
And yet, the cybersecurity problems besetting Singapore is not unusual for governments that want to make health services better while trying to protect the privacy of patients.
According to a cyber policy analyst at the Australian Strategic Policy, Tom Uren, the breach shows how the oversight of patients’ records systems can be problematic, such as in Singapore’s case, wherein HIV test results and personal data were kept in the same location. Uren believes this was unnecessary.
The American who reportedly illegally accessed the HIV patients’ records is Mikhy K. Farrera Brochez. His Singaporean partner, Dr. Ler Teck Siang, had submitted his own blood samples on Brochez’ behalf since HIV-positive foreigners are not allowed to work in Singapore. Brochez had tested positive for HIV in 2008.
Convicted in 2017 of several offenses, Brochez served a prison term in Singapore and was deported afterward. Ler was also convicted and was sentenced to prison.