Outraged Singaporeans have blasted the Ministry of Health (MOH) for keeping silent about the leak of confidential information from the HIV registry for years, until the information was disclosed online by a foreigner.
Yesterday, the Ministry of Health (MOH) confirmed that confidential information regarding 14,200 individuals diagnosed with HIV was leaked and is now in the possession of a foreigner named Mikhy K Farrera Brochez.
In May 2016, MOH was alerted that Brochez illegally possessed confidential information from the HIV Registry. After MOH lodged a police report, Brochez’ properties were searched and “all relevant material found were seized and secured by the Police.”
Two years later, in May 2018, after Brochez had been deported, that he still had part of the records he had in 2016. Although the Ministry contacted the affected individuals, the public was not informed of this discovery.
About eight months later, MOH found that Brochez could have illegal possession of more information from the HIV registry and that he had disclosed the information online.
Several Singaporeans have expressed outrage over the fact that MOH did not inform the public that confidential information from the HIV registry was leaked, years ago. It is indeed curious that the ministry held out until the information was actually leaked to inform the public of the illegal possession of confidential records.
Singaporeans have also pointed out that the withholding of information from the public over this leak brings back memories of the Singhealth data hack that unfolded last year.
The Government only told the public about the unprecedented data breach half a month after it was discovered. This, despite the fact that the breach affected 1.5 million patients whose medical data, personal information and contact details had been hacked. 160,000 of these patients had their outpatient prescriptions stolen, as well.
Joining the chorus of fury against MOH, veteran journalist Bertha Henson has asserted that MOH’s handling of the HIV registry leak seemed like it was meant to “cover up” the leak.
Referring to MOH’s silence in 2018 when it found that Brochez still had possession of stolen records but it had not been “disclosed in any public manner,” the former Straits Times heavyweight said in a blog post:
“What an exercise in ambiguity! What did the authorities do at this stage to plug the leak? What does “any public manner’’ mean? Apparently, it is not through online channels. Did he attempt blackmail? And how many affected individuals were there? At this point in time, did the authorities still believe there was no need to make public the news that some information had been stolen?
“In any case, in this same year, coincidentally, MOH instituted additional safeguards, including a two-person approval process to download and decrypt information, against mishandling of information by authorised staff. It also disabled the use of unauthorised portable storage devices on official computers in 2017, “as part of a government-wide policy’’.
“I don’t how else to describe the above except to use the term “cover-up’’.”
Sharing that she holds the “forlorn hope that some hard questions will be raised by Members of Parliament” when Parliament sits on 11 Feb, Henson asserted:
“I have had enough of officials telling us when they should give information that affects people or what sort of information should be made public. I have also had my fill of people who say we don’t have to know everything, and that we should let the G handle everything.
“I think our brain should work more than once in every four or five years.”
Another Singaporean, Shih-Tung Ngiam, pointed out that MOH discovered the HIV registry leak in 2012-2013 but still tried to push for the National Electronic Health Record (NEHR) in 2017-2018 despite the obvious risks.
Positioned as a “secure system,” NEHR proposed to collect “summary patient health records across different healthcare providers” to enable “authorised healthcare professionals to have a holistic picture of your healthcare history.”
The authorities pushing for NEHR had promised: “With “One Patient, One Health Record”, your care team would be able to deliver safer, better and more personalised CARE for you.”
Singapore Democratic Party chairman Dr Paul Ananth Tambyah, a medical doctor who practises at the National University Hospital, is one notable figure who “liked” Ngiam’s post.
Several Singaporeans have expressed similar views and have asked whether the Singhealth data hack could have been avoided if the authorities had secured their servers when the illegal possession of the HIV registry records were discovered years before
Other have said that this incident highlights the perceived incompetence of Health Minister Gan Kim Yong and are calling on him to resign over this latest fiasco under his watch: