Data of 14,200 with HIV leaked online: What you need to know about the case

Ler Teck Siang (left) and Mikhy Farrera Brochez are at the centre of a high-profile data breach in the healthcare sector that came to light on Jan 28, 2019.

Choo Yun Ting
Business Correspondent
Updated
Feb 01, 2019, 10:35 AM
Published
Jan 28, 2019, 09:27 PM

SINGAPORE - The Ministry of Health (MOH) said on Monday (Jan 28) that confidential information of 14,200 people diagnosed with HIV was leaked online.

Here's what you need to know about the case.

1. What information was disclosed?

The details that have been leaked from the HIV Registry's records include those of 5,400 Singaporeans and permanent residents diagnosed with HIV up to January 2013, and 8,800 foreigners diagnosed up to December 2011.

This included each person's name, identification number, phone number, address, HIV test results and related medical information.

The name, ID number, phone number and address of 2,400 people identified through contact tracing up to May 2007 were also included.

2. Who leaked the information?

The information was held and leaked by Mikhy Farrera-Brochez, 33, a male US citizen who was in Singapore on an employment pass between January 2008 and June 2016.

In March 2017, he was sentenced to 28 months in jail for fraud and drug-related offences, including lying to the Ministry of Manpower about his own HIV status. Farrera-Brochez, who was HIV-positive, was found to have used his boyfriend's blood for an HIV test to apply for an employment pass to stay in Singapore. He later worked as a polytechnic lecturer.

He was deported from Singapore upon completing his sentence in April 2018.

3. How did Farrera-Brochez get hold of the information?

Farrera-Brochez's partner was Ler Teck Siang, a male Singaporean doctor who was head of MOH's National Public Health Unit from March 2012 to May 2013.

Ler, 36, had the authority to access information in the HIV Registry for his work.

Ler, who is still a registered doctor but cannot practise medicine in Singapore, has been charged under the Official Secrets Act (OSA) for failing to take reasonable care of confidential information regarding HIV-positive patients.

In September 2018, Ler was convicted of abetting Farrera-Brochez to commit cheating and of providing false information to the police and MOH. He has appealed against the 24-month sentence.

4. When did MOH find out about the leak?

In May 2016, MOH received information that Farrera-Brochez held confidential details which appeared to be from the HIV Registry. A police report was made.

Farrera-Brochez and Ler's properties were searched, and all relevant material found then were seized by the police.

In May 2018, after Brochez was deported, the ministry received information that he still had part of the records he had in 2016. MOH filed a police report, and notified those affected. At the time, the records did not appear to have been disclosed publicly. MOH made a police report and contacted the affected people to notify them.

Last Tuesday (Jan 22), the ministry was notified by police that confidential information from the HIV Registry could be in Farrera-Brochez's possession, and had been leaked online.

5. Where is Farrera-Brochez now?

He is currently not in Singapore, and MOH was unable to comment further on Monday as the police are investigating the case.

The police are investigating him for various offences, and the authorities are seeking assistance from their foreign counterparts.

6. Has MOH contacted those affected by the leak?

Of the 5,400 Singaporeans and PRs affected, 1,900 have died and 3,500 are still living.

MOH said more than 1,000 of the 3,500 have been successfully contacted as of 4pm on Monday.

According to the ministry, a large number of the foreigners are no longer in Singapore.

7. What has MOH done to prevent future leaks?

The ministry had put in place additional safeguards against mishandling of information by authorised staff since 2016.

More On This Topic
Fake American professor who used boyfriend's blood for HIV test jailed 28 months
Doctor gets 2 years' jail for switching blood sample of HIV-positive boyfriend with his own

These measures include:

- A two-person approval process to download and decrypt information from the HIV Registry. This process ensures that the confidential details cannot be accessed by a single person.

More On This Topic
Who are the duo at the centre of HIV Registry leak?

- A workstation was specifically configured and locked down to prevent unauthorised removal of information. It was also used for processing sensitive information from the HIV Registry.

More On This Topic
Doctor who leaked list of people with HIV can't practise, has no access to national health database

- The use of personal storage devices on official computers was disabled in MOH in 2017, as part of a government-wide policy.

On Monday, MOH said that it will continue to regularly review its systems to ensure they remain secure and that the necessary safeguards are in place.

Related Stories
HIV data leak: US jury finds Mikhy Farrera-Brochez guilty of intending to extort Singapore govt
Mikhy Farrera-Brochez said he'd rather put a bullet in his head than turn over S'pore HIV database: FBI witness
Ler Teck Siang, doctor in HIV data leak case, allegedly helped abusers inject illegal drugs
HIV data leak: Lawyer for Mikhy Farrera-Brochez quits
HIV data leak: Mikhy Farrera-Brochez slapped with 3 charges by US grand jury
2,400 foreigners in Singapore found to have HIV in last 7 years; most no longer live here
US prosecutor charges Brochez with threatening to extort Singapore government
HIV data leak: Security safeguards for HIV Registry in 2012-2013 in line with prevailing government policies
Standard practice to prepare list of HIV-positive inmates for medical reviews, says Prisons Service
HIV data leak: Mikhy Farrera Brochez traced to Kentucky where he says he's jobless and homeless

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top