Singapore’s HIV Registry Data Exposed Online

Singapore’s Ministry of Health disclosed Monday (Jan. 28) that the private health information of its citizens has been breached.

According to a report in TechCrunch, it marks the second time within a year that Singapore residents’ data has been accessed. Coming off the heels of a breach in the summer in which the medical records of as many as 1.5 million people were compromised, Singapore’s Ministry of Health said the personal details and HIV-positive status of 14,200 people were placed online.

The ministry said the details were posted by an unauthorized user to the ministry’s HIV Registry. TechCrunch reported that Mikhy K. Farrera Brochez, a U.S. citizen who was deported last year from Singapore over fraud and drug charges, reportedly posted the information online after gaining access to the registry from Ler Teck Siang, a doctor who had previously run the Ministry of Health’s National Public Health Unit. Brochez is believed to have obtained the data in person and as a result, may post it again even after the ministry said the access has been disabled. The Singapore government said it is “working with relevant parties to scan the Internet for signs of further disclosure of the information” and “seeking assistance from … foreign counterparts,” reported TechCrunch.

In an announcement, the Ministry apologized for the “anxiety and distress” the security breach caused. “Our priority is the wellbeing of the affected individuals. Since 26 January, we have been progressively contacting the individuals to notify them and render assistance,” the ministry wrote in an announcement. The ministry called on anyone who comes in contact with the information to turn it in and to refrain from further sharing it. The registry has the name, ID number, phone number, email address, HIV test results and other medical information for 5,400 people in Singapore who have HIV up to January of 2013, reported TechCrunch. It also has information on 8,800 foreigners up until December of 2011 and 2,400 contact up to May of 2007, noted TechCrunch.

The report noted that in May of 2016 police were notified of Brochez and the fact that he had the information. Despite that, the police just learned he had disclosed the information online. TechCrunch reported Brochez is currently located outside of Singapore.