HIV data leak: Gan Kim Yong defends how incident has been handled


SINGAPORE - Health Minister Gan Kim Yong on Tuesday (Feb 12) defended the way the authorities handled the HIV Registry data breach, and said public disclosure of the matter was a judgment call balancing the need to be transparent and how it would affect the people on the registry.

He said that while action has been taken to delete the information that had been leaked, the authorities are still monitoring further exposure of the data.

In a ministerial statement after nine MPs raised questions on the issue, Mr Gan said that the well-being of the affected persons weighed heavily in the authorities' considerations.

When the Ministry of Health (MOH) first found out in 2016 that rogue American lecturer Mikhy Farrera Brochez had access to the confidential HIV information, it had to decide whether to inform those affected and to publicise it.

"These were not straightforward decisions. On the one hand, there is the need to be transparent. On the other hand, we need to consider the impact of an announcement on the affected persons with HIV - would it serve their interest, or harm them instead?" he said.

Doctors at the MOH said particular attention had to be paid to the concerns and needs of HIV patients, as HIV status is a deeply emotional and personal matter.

At that time, there was also no evidence that the confidential information had been disseminated to the public, and whatever information Brochez had revealed had been seized or deleted by the police.

The decision in 2016 was to not inform those on the list or make public the data leak.

However, in 2018, when Brochez revealed more information and 31 records could not be retrieved, the MOH decided to contact the 31 people and alert them to the matter.

Then in January this year, when Brochez put the full HIV registry online and provided the link to a non-government party, the likelihood of the identities being made public increased significantly.


"MOH therefore decided to make a public announcement on Jan 28 even though we remained deeply concerned about the impact this would have on the affected persons," said Mr Gan.

"We sought to quickly contact each of the affected individuals to inform them of the circumstances and also offer them assistance prior to the announcement. We worked with the police and other relevant parties to disable access to the information as quickly as possible."

Mr Gan stressed that at each juncture - May 2016, May 2018 and January 2019 - the MOH had to make judgment calls balancing the various considerations.

"It is arguable that MOH should have made a different call. But I reject any allegation that MOH sought to cover up the incident," he said, alluding to calls that the ministry had been less than open about the matter.

He added: "On all three occasions, MOH's primary concern was the well-being of the persons on the HIV registry."

He also said the ministry faces the same dilemma today as it did back in 2016 and 2018.

"We now know that Brochez retained some data after the police seized all the files they could find in 2016. Quite possibly, he still has more data in his possession. Should MOH now make known all that Brochez may (or may not) still possess? Do we contact every person whose data may (or may not) be at risk? And in the process inflict more harm on people even though it may ultimately turn out that Brochez in fact does not have the information? Again, we have to assess and make a judgment call."

The ministry has decided to continue to manage the situation in a way that reduces the possibility of further exposure, he said, which is consistent with the decision taken in 2016, and again in 2018. "It is based on what we believe to be the interest of the potentially affected persons."

In his statement, Mr Gan also said the ministry had started tightening security of the HIV Registry since 2012, even before Brochez's complaint of information leak from the Registry that year.


Before 2012, staff had to download information from the Register in order to do routine data entry. This was why Ler was able to download the information onto a thumb drive.

In 2012, the database was moved to a network-based system and staff no longer had to download the information to work on it.

Since then, the audit trail has been enhanced, sensitive data can be processed at specific workstations only, and a two-person approval required.

In wrapping up his statement, Mr Gan said: "This has been a regrettable incident caused by the irresponsible and deplorable actions of two individuals."

He said Ler betrayed the trust of the ministry and the medical profession. "I am sorry that the irresponsible actions of one of our officers has resulted in such distress to the affected persons."

As for Brochez, who has "left a trail of lies and deceit, and now perpetrated a reprehensible act that has affected thousands of persons with HIV", Mr Gan promised: "We will spare no effort in bringing him to justice again for his latest crime."