Medical records for 14,200 H.I.V.-positive people in Singapore were obtained by an American and illegally disclosed online, officials said Monday, in the second major data breach of the country’s public health system in less than a year.
“We are sorry for the anxiety and distress caused by this incident,” the Health Ministry said in a statement, adding that it had started to contact affected people on Saturday. “Our priority is the well-being of the affected individuals.”
The Singaporean police notified the Health Ministry on Jan. 22 that confidential information from its H.I.V. Registry “may have been disclosed by an unauthorized person,” the statement said. The ministry said it had filed a police report the next day and spent another two days working “with the relevant parties to disable access to the information.”
Though access was successfully disabled, the information “is still in the possession of the unauthorized person, and could still be publicly disclosed in the future,” the statement said. It named that person as Mikhy K. Farrera Brochez, an American citizen who it said had lived in Singapore on an employment pass from January 2008 to June 2016, when he was jailed. Mr. Brochez could not immediately be reached for comment on Monday.
The attack is the second major data breach of Singapore’s public health system since July, when a cyberattack compromised data from 1.5 million people, including Prime Minister Lee Hsien Loong, a cancer survivor. Singaporean officials said this month that the perpetrator in that attack “had a clear goal in mind, namely the personal and outpatient medication data of the prime minister.” The government has declined to name the perpetrator, citing national security. On Monday evening, an official at the Health Ministry referred a reporter to the ministry’s statement on the H.I.V. data breach and declined to comment further. Read more via New York Times