Difficult questions about MOH HIV data theft & leak asked by S’pore media

Many of the questions focused on how the man behind the leaks was able to do what he did.

Matthias Ang | January 31, 2019 @ 04:28 pm


Many questions are being raised in the wake of the theft and leak of confidential data belonging to 14,200 HIV-infected individuals.

Parts of the information, stolen from the Ministry of Health’s (MOH) HIV Registry in 2016, is currently still in the possession of a United States citizen and known conman, Mikhy K Farrera Brochez.

Questions raised

Politicians, such as Workers’ Party’s Gerald Giam, are asking why MOH took more than two years to notify affected individuals.

The media in Singapore is also taking the lead in asking hard questions.

The Straits TimesYahoo, and The New Paper are asking how could this breach have happened in the first place, and whether the matter has been adequately and properly handled thus far.

Here are some of the questions asked:

Why did MOH only choose to reveal the breach now when it already knew about it in 2016 and 2018?

MOH Permanent Secretary Chan Heng Kee’s reply at a press conference was that in the previous instances, MOH factored in the well-being of HIV-positive individuals, along with whether the information was secure and unlikely to be revealed to the public later, ST reported.

“Certainly, in a case where the info is contained, we would take a more conservative approach given that we do know that the persons in this registry would have concern about a public announcement.”

ST highlighted that this raised the question of what made MOH so confident in the previous instances that Brochez would not reveal the information, which he subsequently did so in January 2019.

Had MOH revealed the breach earlier instead, ST added, it might have limited the damage instead of opening itself up to accusations of a cover-up.

This issue then raised other questions.

Were the authorities thorough in their investigation?

Yahoo noted that the properties of both Brochez and his partner, Ler Teck Siang, were searched by the police after the initial report was made in 2016.

While “relevant material” was secured, Yahoo questioned if the authorities had accorded “due weight to the nature of the confidential data” given that the identity of HIV patients was protected under the Infectious Diseases Act.

Yahoo also asked why Brochez was never prosecuted under the Official Secrets Act (OSA) as far back as 2016, given that his partner, Ler had been charged under the OSA.

ST said the OSA charges was for failing to take reasonable care of a thumbdrive on which he saved the said information (from the HIV registry).

How did Brochez come to be in possession of the data in the first place?

Yahoo reported that Ler had downloaded the HIV Registry onto a USB thumbdrive while serving as the head of MOH’s NPHU from 2012 to 2013.

However, ST also reported that Ler continued to have access to the HIV Registry until May 2016, even after he stepped down.

Yahoo added that Ler’s access led to the following chain of questions:

  • Why did Ler download and transfer the data?
  • What was his motive for doing so?
  • Did he communicate with Brochez about his actions?
  • How far was the extent of Brochez’s involvement in Ler’s deeds?

How was Brochez able to gain employment here in the first place?

TNP reported that Brochez, who is HIV-positive himself, deceived the Ministry of Manpower (MOM) with the help of Ler, who swapped the blood sample with his own for the HIV test.

This allowed Brochez to gain an employment pass.

Both Yahoo and TNP reported that Brochez then used fake certificates to work at Temasek Polytechnic and Ngee Ann Polytechnic, which were only discovered in 2016.

Yahoo further asked:

“Did MOM… conduct due diligence and sufficient background checks on Brochez’s purported qualifications and the documents which he submitted?”

These queries appear to be only the start, as answers to some of these questions are slowly coming to light.

Here’s a timeline of events of the theft and leak of confidential data belonging to 14,200 HIV-infected individuals.May 2016: MOH lodged a police report against Brochez after learning that he has confidential information from the HIV Registry. MOH searched his property and seized all relevant materials.

Meanwhile, his Singaporean boyfriend, Ler Teck Siang, who was the former Head of MOH’s National Public Health Unit (NPHU), confessed he had swapped his blood sample for Brochez’s.

May 2018: MOH learned that Brochez still had the information from 2016 but had not disclosed them. MOH lodged another police report and contacted the affected individuals to inform them about the leak.

Jan. 22, 2019: MOH was notified by the police that Brochez has more information from the HIV registry and these were leaked online.

In total, details of 14,200 HIV-infected persons in Singapore, as well as 2,400 of their contacts were stolen and leaked online.

The records belong to 5,400 Singaporeans diagnosed with HIV up to January 2013, as well as 8,800 foreigners diagnosed up to 2011.

Jan. 23, 2019: MOH made a police report.

Jan. 24, 2019: MOH confirmed that the leaked information matched the HIV Registry’s records up to January 2013.

Jan 25, 2019: MOH worked with the relevant parties to disable access to the information that was leaked online.

Top image collage from Pixabay and MOH Facebook


Content that keeps Mothership.sg going

Property hunting can be a chore, but we made it into a game. Sort of.

Does your work spark joy ?

Here’s how to pair your CNY snacks with beer to look like a true blue connoisseur.

Yummy Yan Xi Palace inspired CNY cookies are just what we need

Here’s how you can get your money’s worth on Grab

About Matthias Ang

Matthias is that annoying guy whose laughter overshadows the joke.

Morning Commute

Interesting stories to discuss with your colleagues in office later