The country’s ‘smart nation’ portal says ‘Data is the new currency, and with open data, the possibilities are endless!’
Singapore has long been pushing this island as a technology hub and the government is constantly championing greater use of technology in various sectors to increase efficiency.
Unfortunately, two major data breaches have tarnished Singapore’s tech-savvy image.
In 2018, Singapore’s health system suffered a cyberattack that compromised the data of 1.5 million people. Authorities say that the person behind that attack was targeting the medical records of PM Lee Hsien Loong who is a cancer survivor. The perpetrator has been identified and it’s been ascertained that the stolen personal data has not made its way onto the dark web.
In the second breach which was announced just this week (28 Jan), the Ministry of Health said that medical records of 14,2000 HIV positive individuals in the country had been illegally obtained in 2016 and were disclosed online recently.
The breach in 2016 was the doing of a US citizen working in Singapore at the time. The records he illegally downloaded from the HIV Registry with the help of a Singaporean doctor includes names, identification numbers, contact details, HIV test results, and relation information of Singaporeans who were diagnosed as recently as 2013 and 8,800 foreigners diagnosed up to December 2011.
The suspect, Micky K. Farrera Brochez, had reportedly tested positive for HIV in 2008 using a fake passport from the Bahamas shortly after arriving in Singapore. The authorities say that Mr Brochez’s fooled the HIV tests in order to hold on to his employment pass with the help of his Singaporean partner Ler Teck Siang who was a senior official with the Health Ministry. Apparently, Ler use his own blood sample when Singaporean authorities tested Mr Brochez for HIV, twice.
In Singapore, foreigners who are HIV positive are not allowed to work in the country. It’s understood that Mr Brochez was attempting to circumvent that law. He was convicted in 2017 for several offences including lying to labour officials about his HIV status and providing false information to the police.
He was sentenced to 28 months in prison and then later deported. He’s no longer residing in Singapore. His partner was sentences to 24 months in prison for abetting cheating and providing false information to the authorities. Ler is currently appealing the conviction.
A gastroenterologist at Mount Elizabeth Novena Specialist Center, Dr Desmon Wai, told the New York Times that these cyberattack illustrates just how vulnerable the country’s electronic records are. However, he said that he does feel it wasn’t entirely fair to blame the Health Ministry for the second breach as it would be difficult to restrict a senior health officials’ access to the government’s HIV registry.
Even so, he added that Ler should not have had such wide access and the ability to download the data in the first place.
On Monday, the Health Ministry apologized for “the anxiety and distress caused by this incident” and said it had been contacting those affected by the breach. The ministry also said it would “continue to regularly review our systems to ensure that they remain secure and that the necessary safeguards are in place.”
These breaches highlight the potential snares for Singapore’s push to make data more accessible and centralised. To the benefits justify the risks to privacy and can anyone prevent senior officials from misusing their access to confidential information?