Data of 14,200 people diagnosed with HIV up to January 2013 leaked online by American fraudster who was deported from Singapore
The details of 2,400 at-risk contacts also leaked; American's doctor boyfriend had access to data
By Chang Ai-Lien and Fabian Koh, The Straits Times, 29 Jan 2019
Confidential information of 14,200 people with HIV - including their names, contact details and medical information - was illegally obtained and leaked online by an American fraudster who was deported from Singapore, the Ministry of Health (MOH) revealed yesterday.
Mikhy Farrera-Brochez was jailed in 2017 for several fraud and drug-related offences and lying to the Ministry of Manpower about his own HIV status.
His partner was Ler Teck Siang, a Singaporean doctor who was head of MOH's National Public Health Unit from March 2012 to May 2013 and had access to the HIV Registry.
He has been charged under the Official Secrets Act (OSA) for failing to take reasonable care of confidential information regarding HIV-positive patients.
Health Minister Gan Kim Yong told reporters yesterday: "I am sorry that one of our former staff, who was authorised to have access to confidential information in our HIV Registry, appears to not have complied with our security guidelines, and this may have led to an unauthorised person gaining possession of the data and disclosing it online."
The records leaked included those of 5,400 Singaporeans and permanent residents diagnosed with the human immunodeficiency virus up to January 2013 - of whom 1,900 have died - and 8,800 foreigners diagnosed up to December 2011.
Each person's name, identification number, phone number, address and HIV test results were among the information leaked.
Details of 2,400 of their contacts - deemed to be at risk - were also leaked. "Our priority is the well-being of the affected individuals," said MOH. It started contacting affected individuals last Saturday, and has successfully reached more than 1,000 out of all 3,500 HIV-positive Singaporeans.
However, the information is still in the hands of Farrera-Brochez, who was deported after he had served his jail term. He remains outside Singapore.
It came to light that Farrera-Brochez, who was HIV-positive, had used his boyfriend's blood to pass medical tests so that he could work in Singapore, and also got hold of information illegally from the HIV Registry that Ler had access to.
Farrera-Brochez, 33, who was a polytechnic lecturer here, was sentenced to 28 months in jail in 2017 for offences including cheating and possession of drugs. Ler, 36, has been sentenced to two years in jail for abetment of cheating and for giving a false statement to a public servant. He is appealing.
The ministry learnt of the leak last Tuesday, and made a police report the following day.
Since 2016, it noted, additional safeguards against mishandling of information by authorised staff have been put in place, including a two-person approval process to download and decrypt information.
Mr Gan said MOH will not hesitate to take stern action against staff who violate security guidelines, abuse their authority or their access to information.
The Health Ministry has asked the public to call its hotline on 6325-9220 if they have any information regarding the incident or any concerns.
When contacted, the police said that they are seeking the help of their foreign counterparts in their investigations. They also reminded the public that any person who possessed, used or communicated any confidential information under OSA could face stern action.
The details of 2,400 at-risk contacts also leaked; American's doctor boyfriend had access to data
By Chang Ai-Lien and Fabian Koh, The Straits Times, 29 Jan 2019
Mikhy Farrera-Brochez was jailed in 2017 for several fraud and drug-related offences and lying to the Ministry of Manpower about his own HIV status.
His partner was Ler Teck Siang, a Singaporean doctor who was head of MOH's National Public Health Unit from March 2012 to May 2013 and had access to the HIV Registry.
He has been charged under the Official Secrets Act (OSA) for failing to take reasonable care of confidential information regarding HIV-positive patients.
Health Minister Gan Kim Yong told reporters yesterday: "I am sorry that one of our former staff, who was authorised to have access to confidential information in our HIV Registry, appears to not have complied with our security guidelines, and this may have led to an unauthorised person gaining possession of the data and disclosing it online."
The records leaked included those of 5,400 Singaporeans and permanent residents diagnosed with the human immunodeficiency virus up to January 2013 - of whom 1,900 have died - and 8,800 foreigners diagnosed up to December 2011.
Each person's name, identification number, phone number, address and HIV test results were among the information leaked.
Details of 2,400 of their contacts - deemed to be at risk - were also leaked. "Our priority is the well-being of the affected individuals," said MOH. It started contacting affected individuals last Saturday, and has successfully reached more than 1,000 out of all 3,500 HIV-positive Singaporeans.
However, the information is still in the hands of Farrera-Brochez, who was deported after he had served his jail term. He remains outside Singapore.
It came to light that Farrera-Brochez, who was HIV-positive, had used his boyfriend's blood to pass medical tests so that he could work in Singapore, and also got hold of information illegally from the HIV Registry that Ler had access to.
Farrera-Brochez, 33, who was a polytechnic lecturer here, was sentenced to 28 months in jail in 2017 for offences including cheating and possession of drugs. Ler, 36, has been sentenced to two years in jail for abetment of cheating and for giving a false statement to a public servant. He is appealing.
The ministry learnt of the leak last Tuesday, and made a police report the following day.
Since 2016, it noted, additional safeguards against mishandling of information by authorised staff have been put in place, including a two-person approval process to download and decrypt information.
Mr Gan said MOH will not hesitate to take stern action against staff who violate security guidelines, abuse their authority or their access to information.
The Health Ministry has asked the public to call its hotline on 6325-9220 if they have any information regarding the incident or any concerns.
When contacted, the police said that they are seeking the help of their foreign counterparts in their investigations. They also reminded the public that any person who possessed, used or communicated any confidential information under OSA could face stern action.
HOW IT HAPPENED:
March 2008: Farrera-Brochez applied for an employment pass to stay in Singapore with Ler, using Ler’s blood for an HIV test.
March 2012 - May 2013: Ler was head of the Health Ministry’s National Public Health Unit and had access to the HIV Registry.
January 2014: Ler resigned.
May 2016: MOH lodged a police report after receiving information that Farrera-Brochez possessed information which appeared to be from the HIV Registry.
June 2016: Ler was charged for offences under the Penal Code and OSA. Farrera-Brochez was remanded in prison.
March 2017: Farrera-Brochez was convicted of several fraud and drug related offences, and sentenced to 28 months’ jail.
April 2018: Farrera-Brochez was released from prison and deported.
May 2018: After Farrera-Brochez had been deported from Singapore, MOH received information that Brochez still had part of the records he had in 2016. At the time, the records did not appear to have been disclosed publicly. MOH made a police report and contacted the affected individuals to notify them.
September 2018: Ler was convicted of abetting Farrera-Brochez to commit cheating, and of providing false information to the police and MOH. He was sentenced to 24 months’ jail.
Jan 22, 2019: MOH was notified by police that confidential information from MOH’s HIV Registry could be in Farrera-Brochez’s possession, and had been leaked online.
Jan 23, 2019: MOH made a police report.
Jan 24, 2019: MOH ascertained that disclosed information matched the HIV Registry’s records up to Jan 2013.
Jan 24-25, 2019: MOH worked with relevant parties to disable access to the information.
March 2019: Ler’s appeal against his 24-month sentence to be heard.
March 2008: Farrera-Brochez applied for an employment pass to stay in Singapore with Ler, using Ler’s blood for an HIV test.
March 2012 - May 2013: Ler was head of the Health Ministry’s National Public Health Unit and had access to the HIV Registry.
January 2014: Ler resigned.
May 2016: MOH lodged a police report after receiving information that Farrera-Brochez possessed information which appeared to be from the HIV Registry.
June 2016: Ler was charged for offences under the Penal Code and OSA. Farrera-Brochez was remanded in prison.
March 2017: Farrera-Brochez was convicted of several fraud and drug related offences, and sentenced to 28 months’ jail.
April 2018: Farrera-Brochez was released from prison and deported.
May 2018: After Farrera-Brochez had been deported from Singapore, MOH received information that Brochez still had part of the records he had in 2016. At the time, the records did not appear to have been disclosed publicly. MOH made a police report and contacted the affected individuals to notify them.
September 2018: Ler was convicted of abetting Farrera-Brochez to commit cheating, and of providing false information to the police and MOH. He was sentenced to 24 months’ jail.
Jan 22, 2019: MOH was notified by police that confidential information from MOH’s HIV Registry could be in Farrera-Brochez’s possession, and had been leaked online.
Jan 23, 2019: MOH made a police report.
Jan 24, 2019: MOH ascertained that disclosed information matched the HIV Registry’s records up to Jan 2013.
Jan 24-25, 2019: MOH worked with relevant parties to disable access to the information.
March 2019: Ler’s appeal against his 24-month sentence to be heard.
The duo at the centre of the HIV Registry leak were boyfriends who hatched a plot to trick the Ministry of Manpower (MOM) into issuing one of them an employment pass (EP).
Mikhy Farrera-Brochez, 33, had met Singaporean general practitioner Ler Teck Siang, 36, online.
The American lived in Singapore for eight years on an EP, from 2008 to 2016.
He had moved to Singapore a year after the pair got into a romantic relationship.
As he knew that foreigners with HIV are not allowed to work here, Farrera-Brochez, who is HIV-positive, conspired with Ler to falsify his blood test results.
To successfully apply for an employment pass to stay here with his boyfriend, Farrera-Brochez submitted a HIV-negative test result to MOM in March 2008 using Ler's blood for the test.
He visited a clinic in Commonwealth, where Ler was on duty as a locum GP, for a medical examination.
Ler had drawn blood from his left arm earlier that day and labelled the test tube with Farrera-Brochez's particulars.
Farrera-Brochez got his EP, and worked as a polytechnic lecturer.
Using the same ruse, the pair duped the authorities again in 2013, when Farrera-Brochez tried to apply for a Personalised Employment Pass.
Investigations later revealed that his various educational certificates, including one from the University of Paris, were forged.
He was also found guilty of possessing a ketamine and cannabis mixture in May 2016.
The American was remanded in prison in June 2016, and sentenced to 28 months in jail for fraud and drug-related offences in 2017.
Upon his release from prison in April last year, Farrera-Brochez was deported. He is not in Singapore, and his whereabouts are not known.
Meanwhile, Ler was charged in 2016 under the Penal Code and Official Secrets Act (OSA).
He was convicted in September last year of abetting Farrera-Brochez to cheat and of providing false information to the police and Ministry of Health (MOH).
Sentenced to two years in jail, Ler is appealing against the sentence, with the hearing scheduled for March.
Meanwhile, he is still on the Singapore Medical Council's Register of Medical Practitioners. But he does not have a practising certificate or access to MOH and public healthcare IT systems with patient records.
"In particular, he has had no access to the National Electronic Health Record system since January 2014. He will not be permitted access to any of these systems," said MOH
As the head of MOH's National Public Health Unit from March 2012 to May 2013, Ler could access information in the HIV Registry for his work purposes.
He resigned in January 2014.
It was from his mishandling of information that the leak of HIV Registry information is believed to have taken place. This includes not having complied with policies and guidelines on the handling of critical information.
Ler has also been charged under the OSA for failing to take reasonable care of confidential information regarding HIV-positive patients. This charge is pending before the courts.
Doctor in data leak incident can no longer practise medicine here
36-year-old still on practitioners' register but no longer has the certificate to practise and cannot access patient records
By Salma Khalik, Senior Health Correspondent, The Straits Times, 29 Jan 2019
The doctor whose boyfriend leaked the details of 14,200 people with HIV, and another 2,400 of their contacts - including sexual partners and drug users who could also be at risk of infection - is still on the Register of Medical Practitioners.
But he no longer has a certificate to practise medicine in Singapore.
Ler Teck Siang, 36, also does not have access to the confidential information of patients in the National Electronic Health Records (NEHR), which includes all public-sector patients.
The Ministry of Health (MOH) said: "Ler remains registered as a doctor, but he currently does not have access to MOH and public healthcare IT systems with patient records. In particular, he has had no access to the NEHR system since January 2014. He will not be permitted access to any of these systems."
When asked why he has not been taken off the Register of Medical Practitioners, Singapore Medical Council (SMC) Registrar Benjamin Ong said the council has to follow due process.
Associate Professor Ong, who is also director of medical services at MOH, said Ler has appealed against his conviction and 24-month jail sentence - for abetment of cheating and for giving a false statement to a public servant - and the appeal will be heard in March.
Ler had given a sample of his blood in place of that of his HIV-positive boyfriend, Mikhy Farrera-Brochez so that the American could pass medical tests to work in Singapore.
Now, he faces another charge of mishandling information under the Official Secrets Act (OSA) while he was head of the National Public Health Unit.
That resulted in the details of all 14,200 people diagnosed with HIV here since 1985 - until 2013 for locals and 2011 for foreigners - landing in the hands of Farrera-Brochez. The American also has the personal details of 2,400 people who were their contacts.
Farrera-Brochez, 33, recently released these details online.
Meanwhile, the charge against Ler under the OSA is pending his appeal on the earlier charges. Historically, the SMC does not take action against a doctor until any legal appeal has been disposed of.
MOH'S DECISION TO ANNOUNCE THE LEAK
Mr Chan Heng Kee, Permanent Secretary at MOH, said several factors are considered in deciding whether to go public with such incidents.
The key consideration is patients' interest and well-being.
He said: "From there, we consider factors (such as) whether the information was secured. Whether the information was publicly disclosed. Whether there is a continuing risk of the information being exposed even if we were able to secure.
"And also the concerns that individuals might have, should the incident be made public."
In this case, the information has been disclosed online.
He added: "Certainly in the case where the information has been contained, we would take a more conservative approach."
The other reason is that more than half those affected are foreigners, and it will be difficult for the ministry to contact them.
Going public may get those with concerns to contact MOH.
CONFIDENTIAL INFORMATION COULD RESURFACE IN FUTURE
The authorities have blocked online access to the details put out by Farrera-Brochez. But they were not able to retrieve the information from him as they have not been able to get in touch with him since he is no longer in Singapore.
Mr Chan said: "(Since) he is still in possession of the information, it is possible that it could still be publicly disclosed."
It is also possible that others have got copies of the information now that he has put it online, or because it was given to them by him.
MOH HAS NO STATUTORY IMMUNITY
MOH "has no statutory immunity" and, hence, cannot "rule out the possibility of lawsuits" as a result of this breach. Mr Chan said that a lot would depend on what the police uncover in their investigation.
However, MOH is doing everything possible to help those affected, including providing a hotline and counsellors. Many of those contacted were anxious, distressed and concerned, he said. As at 4pm yesterday, over 1,000 had been contacted.
STEPS TAKEN TO PREVENT LEAKS
Associate Professor Vernon Lee, director of the communicable diseases division at the ministry, said safeguards against such a breach had been rolled out since 2016.
Now, two people must give approval before the information can be downloaded and decrypted. This has to be done at a designated workstation that is "specifically configured and locked down" to prevent the unauthorised removal of information.
36-year-old still on practitioners' register but no longer has the certificate to practise and cannot access patient records
By Salma Khalik, Senior Health Correspondent, The Straits Times, 29 Jan 2019
The doctor whose boyfriend leaked the details of 14,200 people with HIV, and another 2,400 of their contacts - including sexual partners and drug users who could also be at risk of infection - is still on the Register of Medical Practitioners.
But he no longer has a certificate to practise medicine in Singapore.
Ler Teck Siang, 36, also does not have access to the confidential information of patients in the National Electronic Health Records (NEHR), which includes all public-sector patients.
The Ministry of Health (MOH) said: "Ler remains registered as a doctor, but he currently does not have access to MOH and public healthcare IT systems with patient records. In particular, he has had no access to the NEHR system since January 2014. He will not be permitted access to any of these systems."
When asked why he has not been taken off the Register of Medical Practitioners, Singapore Medical Council (SMC) Registrar Benjamin Ong said the council has to follow due process.
Associate Professor Ong, who is also director of medical services at MOH, said Ler has appealed against his conviction and 24-month jail sentence - for abetment of cheating and for giving a false statement to a public servant - and the appeal will be heard in March.
Ler had given a sample of his blood in place of that of his HIV-positive boyfriend, Mikhy Farrera-Brochez so that the American could pass medical tests to work in Singapore.
Now, he faces another charge of mishandling information under the Official Secrets Act (OSA) while he was head of the National Public Health Unit.
That resulted in the details of all 14,200 people diagnosed with HIV here since 1985 - until 2013 for locals and 2011 for foreigners - landing in the hands of Farrera-Brochez. The American also has the personal details of 2,400 people who were their contacts.
Farrera-Brochez, 33, recently released these details online.
Meanwhile, the charge against Ler under the OSA is pending his appeal on the earlier charges. Historically, the SMC does not take action against a doctor until any legal appeal has been disposed of.
MOH'S DECISION TO ANNOUNCE THE LEAK
Mr Chan Heng Kee, Permanent Secretary at MOH, said several factors are considered in deciding whether to go public with such incidents.
The key consideration is patients' interest and well-being.
He said: "From there, we consider factors (such as) whether the information was secured. Whether the information was publicly disclosed. Whether there is a continuing risk of the information being exposed even if we were able to secure.
"And also the concerns that individuals might have, should the incident be made public."
In this case, the information has been disclosed online.
He added: "Certainly in the case where the information has been contained, we would take a more conservative approach."
The other reason is that more than half those affected are foreigners, and it will be difficult for the ministry to contact them.
Going public may get those with concerns to contact MOH.
CONFIDENTIAL INFORMATION COULD RESURFACE IN FUTURE
The authorities have blocked online access to the details put out by Farrera-Brochez. But they were not able to retrieve the information from him as they have not been able to get in touch with him since he is no longer in Singapore.
Mr Chan said: "(Since) he is still in possession of the information, it is possible that it could still be publicly disclosed."
It is also possible that others have got copies of the information now that he has put it online, or because it was given to them by him.
MOH HAS NO STATUTORY IMMUNITY
MOH "has no statutory immunity" and, hence, cannot "rule out the possibility of lawsuits" as a result of this breach. Mr Chan said that a lot would depend on what the police uncover in their investigation.
However, MOH is doing everything possible to help those affected, including providing a hotline and counsellors. Many of those contacted were anxious, distressed and concerned, he said. As at 4pm yesterday, over 1,000 had been contacted.
STEPS TAKEN TO PREVENT LEAKS
Associate Professor Vernon Lee, director of the communicable diseases division at the ministry, said safeguards against such a breach had been rolled out since 2016.
Now, two people must give approval before the information can be downloaded and decrypted. This has to be done at a designated workstation that is "specifically configured and locked down" to prevent the unauthorised removal of information.
Data of 14,200 with HIV leaked online: Victims of incident stunned and worried
By Cheryl Teh, The Straits Times, 29 Jan 2019
The revelation that the personal information of 14,200 people with HIV was leaked has stunned those living with the virus here.
Patients like 45-year-old Mr G. Chew told The Straits Times the leak has put both his personal and professional reputation at risk.
By Cheryl Teh, The Straits Times, 29 Jan 2019
The revelation that the personal information of 14,200 people with HIV was leaked has stunned those living with the virus here.
Patients like 45-year-old Mr G. Chew told The Straits Times the leak has put both his personal and professional reputation at risk.
"My company is aware that I have HIV, and I am fairly open about it to well-meaning friends who ask me about my illness out of genuine concern," said Mr Chew, an administrative officer, who was informed by the Ministry of Health (MOH) that he was affected by the data leak.
"However, I definitely fear that all this personal information might be publicly available to people at my workplace and beyond to scrutinise. Also, it is the Internet - once it is up there and shared over and over, it is unerasable.
"There is still a great stigma against people who have HIV. Information that I have HIV is definitely not something I want online. It is not like it is an award."
When Jay (not his real name), who is in his 20s, heard news of the leak, his first thought was of his 60-year-old mother and the harassment and judgment she could face from family and friends.
"Having HIV is to me an embarrassing thing and definitely an extremely private matter," Jay told ST, adding that only one close friend knows about his illness. He was diagnosed around 2011, which means he is among the affected individuals, though he has not been contacted by MOH. A total of 5,400 Singaporeans and permanent residents diagnosed with HIV up to January 2013 have been affected by the leak.
"I have not told my mother about it, and I don't intend to. I have accepted that Aids is what I have to live with forever, but I am afraid that if this information is made public, my family and close friends will be ostracised and laughed at," Jay added.
MOH revealed that some 1,900 names in the leaked data were of people who had already died.
Ms C. Koh, 31, said she suspects her late brother, who was diagnosed in 2008 and died of HIV-related medical complications in 2016, might be on the list. She said she hopes her family would receive advice from MOH on what to do if their deceased family member's data has indeed been leaked.
"After my brother passed, my father and I thought that this situation could be put to bed. We are very concerned that his data - including our home address - might be spread online by malicious people," Ms Koh said.
"This is opening old wounds for us, and the idea that my late brother's personal data is, even now, not secure, is very disturbing. We want to know why people like him are being targeted."
In a statement last night, Professor Roy Chan, president of the Action for Aids advocacy group, said it was "deeply troubled by this incident that has the potential of damaging the lives of persons living with HIV and their loved ones".
"We stand with all whose private information may have been accessed and violated. This is a criminal act that should be condemned and answered in the most severe terms possible," he added.
Help available for those affected
The Straits Times, 29 Jan 2019
The Ministry of Health (MOH) said that it has been progressively contacting individuals affected by the HIV Registry leak since Saturday to notify them and provide assistance.
Among the 5,400 Singaporeans and permanent residents whose data had been leaked, 1,900 have died.
Mr Chan Heng Kee, Permanent Secretary for Health, said that the ministry is reaching out to the remaining 3,500 individuals.
An MOH spokesman said that the ministry has attempted to contact all of them, but has not reached all successfully.
As of 4pm yesterday, more than 1,000 out of the 3,500 individuals had been contacted successfully.
Members of the public who come across any information related to this incident have been asked to notify MOH immediately and not share it further.
They can provide the information or raise other concerns to the ministry by calling the hotline on 6325-9220.
Mr Chan said that there are also counsellors on standby to help those affected deal with any anxiety, distress and concerns they may have.
Individuals can also call the hotline should they have additional concerns a few days after the initial phone call and conversation.
Tangled web of love and lies led to HIV data leak affecting many
Two men who met online and fell in love end up stripping thousands of their right to privacy
By Salma Khalik, Senior Health Correspondent, The Straits Times, 30 Jan 2019
It was a love story that progressed through a series of lies to the authorities.
When the lies were uncovered, and they were separated, one of them decided to make others pay for it - by revealing online the identities and details of 14,200 people who had HIV, like him.
It was confidential data from the Ministry of Health (MOH), which had allegedly been downloaded by his partner who worked there.
Ironically, when he was in court accused of cheating and drug-related offences, Mikhy Farrera Brochez referred to a data leak at the MOH.
"He went into a tirade about being a victim of blackmail and an alleged data leak at MOH," Judge Jasvender Kaur noted while sentencing him in 2017. "He even alleged that the prosecution was politically motivated. It was clear that the accused was unremorseful."
Brochez, 33, had referred to the data leak on his own, even though his own case then had nothing to do with it.
It is only now, months after he was deported from Singapore and separated from his partner Ler Teck Siang, 36, a doctor, that he has unleashed the data that Ler is accused of mishandling under the Official Secrets Act.
Their love story had taken strange twists. Both were in their early 20s when they fell in love after meeting online in 2007.
Brochez, who was around 21 then, had no family ties in the United States other than a grandfather who was in his late 70s.
He decided to uproot from his home country and join Ler, then about 24 and practising as a doctor in Singapore.
Brochez, who is of Jewish-Spanish descent, arrived in January 2008 and moved into Ler's private apartment at 20 Craig Road.
In March, using a fake Bahamian passport with the name Malatesta da Farrera-Brochez, the American took an HIV test at a Singapore Anti-Tuberculosis Association (Sata) clinic. He tested positive.
The couple knew that Singapore would not grant him an employment pass if that surfaced.
So, when Brochez needed a clean blood test to get an employment pass, it started a chain of deception which was to drag both men through court and see the personal details of thousands with HIV splashed online.
At that time, Ler was working as a locum at My Family Clinic in Commonwealth Drive. On the morning of March 13, 2008, before leaving for work, he drew blood from his left arm and stored it in a test tube, which he took to the clinic.
Brochez went to the clinic the same evening for a blood test required by the Ministry of Manpower (MOM) for his application to work here. There, Ler took the tube of his own blood and labelled it with Brochez's details.
The blood test came up clean and Brochez received his employment pass later that month.
Using faked certificates, he landed a job at Temasek Polytechnic, teaching students early childhood studies and psychology.
Meanwhile, Ler joined the MOH and was head of its National Public Health Unit (NPHU) from March 2012 until May 2013.
That gave him access to the details of all 14,200 people who had tested positive here for the human immunodeficiency virus since 1985 - up to January 2013 in the case of locals, and up to December 2011 in the case of foreigners.
Using his position as head of the unit which gave him full access, Ler downloaded the confidential information onto a thumb drive. Somehow, it ended up in Brochez's hands.
Ironically, at one point when they had relationship problems, Brochez even complained to MOH that Ler was taking screenshots of the HIV Registry. An investigation was launched and Ler was transferred to the TB control unit.
Meanwhile, on Oct 3, 2013, having confirmed that the HIV-positive test done at a Sata clinic in March 2008 belonged to Brochez, MOH informed MOM that the American had faked his blood test.
A few days later, MOM confronted Brochez with this allegation. He denied the charge and offered to "prove" that he was innocent.
The whole rigmarole of faking the blood test was repeated in November when the American went to Twin City Medical Centre at Great World City, where Ler was working as a locum. Again, it was Ler's blood that was tested. Again the test came out clean.
Meanwhile, suspicion had been aroused and a police report was lodged against Brochez on Dec 11, 2013, for cheating on the second blood test.
The following month, in January 2014, Ler resigned from his position at the MOH, though it is not known why.
Shortly after this, the two men went to the United States, where they got married in New York City on April 24, 2014. Then they returned to Singapore and in May that year, Brochez lied to a police inspector that it was his own blood that had been tested.
Two years later, another tip-off exposed his web of lies.
In May 2016, the MOH was told that Brochez possessed confidential information that had come from the HIV Registry. It lodged a police report.
On May 24, 2016, both men were arrested as their old lies about the faked blood tests came back to haunt them. At around 10pm that night, the police searched the men's home at Lorong N Telok Kurau. There they found drugs, including cannabis and ketamine.
Police also seized and secured all "relevant material".
The police found certificates of a bachelor's degree, a master's and a doctorate - supposedly from the University of Paris - which had enabled Brochez to teach in Singapore and attend conferences.
Brochez's degree certificates, too, were found to have been faked.
In his defence, he said that he and Ler were in love and the only way for them to be together was to fake the blood test on account of "discriminatory" laws in Singapore.
On March 28, 2017, Brochez was sentenced to 28 months in jail. Since he had already spent time in custody before that, he was released from prison in April last year. He was then deported.
There was another twist to come. After he had left Singapore, the MOH got yet another tip-off in May last year that Brochez still had the information stolen from the HIV Registry.
The ministry lodged another police report and tried to contact and tell affected people of this breach.
Then, on Jan 22, the police told the ministry that Brochez may have made the confidential information public. In a couple of days, MOH was able to ascertain that the data was from the HIV Registry.
Details of thousands of people with HIV had been put online and Brochez, who has long left Singapore, could make the information public again - even though the current links have been blocked.
Ler, meanwhile, had been sentenced to 24 months in jail in September last year for abetting Brochez's cheating offence. He has appealed against the sentence and also faces another charge of mishandling confidential information under the Official Secrets Act.
While he remains a doctor for now, his certificate to practise medicine here expired at the end of last year and has not been renewed.
The Singapore Medical Council told The Straits Times: "Dr Ler Teck Siang's Practising Certificate (PC) expired on Dec 31, 2018.
"The renewal of his PC is under review as he was convicted in September 2018 of abetting Brochez to commit cheating and providing false information to the police and the Ministry of Health, and sentenced to 24 months' imprisonment, and he currently faces other pending charges under the Official Secrets Act and Misuse of Drugs Act."
Meanwhile, amid this tangled love affair, thousands of people with HIV have been stripped of their right to keep that information confidential.
The Straits Times, 29 Jan 2019
The Ministry of Health (MOH) said that it has been progressively contacting individuals affected by the HIV Registry leak since Saturday to notify them and provide assistance.
Among the 5,400 Singaporeans and permanent residents whose data had been leaked, 1,900 have died.
Mr Chan Heng Kee, Permanent Secretary for Health, said that the ministry is reaching out to the remaining 3,500 individuals.
An MOH spokesman said that the ministry has attempted to contact all of them, but has not reached all successfully.
As of 4pm yesterday, more than 1,000 out of the 3,500 individuals had been contacted successfully.
Members of the public who come across any information related to this incident have been asked to notify MOH immediately and not share it further.
They can provide the information or raise other concerns to the ministry by calling the hotline on 6325-9220.
Mr Chan said that there are also counsellors on standby to help those affected deal with any anxiety, distress and concerns they may have.
Individuals can also call the hotline should they have additional concerns a few days after the initial phone call and conversation.
Tangled web of love and lies led to HIV data leak affecting many
Two men who met online and fell in love end up stripping thousands of their right to privacy
By Salma Khalik, Senior Health Correspondent, The Straits Times, 30 Jan 2019
It was a love story that progressed through a series of lies to the authorities.
When the lies were uncovered, and they were separated, one of them decided to make others pay for it - by revealing online the identities and details of 14,200 people who had HIV, like him.
It was confidential data from the Ministry of Health (MOH), which had allegedly been downloaded by his partner who worked there.
Ironically, when he was in court accused of cheating and drug-related offences, Mikhy Farrera Brochez referred to a data leak at the MOH.
"He went into a tirade about being a victim of blackmail and an alleged data leak at MOH," Judge Jasvender Kaur noted while sentencing him in 2017. "He even alleged that the prosecution was politically motivated. It was clear that the accused was unremorseful."
Brochez, 33, had referred to the data leak on his own, even though his own case then had nothing to do with it.
It is only now, months after he was deported from Singapore and separated from his partner Ler Teck Siang, 36, a doctor, that he has unleashed the data that Ler is accused of mishandling under the Official Secrets Act.
Their love story had taken strange twists. Both were in their early 20s when they fell in love after meeting online in 2007.
Brochez, who was around 21 then, had no family ties in the United States other than a grandfather who was in his late 70s.
He decided to uproot from his home country and join Ler, then about 24 and practising as a doctor in Singapore.
Brochez, who is of Jewish-Spanish descent, arrived in January 2008 and moved into Ler's private apartment at 20 Craig Road.
In March, using a fake Bahamian passport with the name Malatesta da Farrera-Brochez, the American took an HIV test at a Singapore Anti-Tuberculosis Association (Sata) clinic. He tested positive.
The couple knew that Singapore would not grant him an employment pass if that surfaced.
So, when Brochez needed a clean blood test to get an employment pass, it started a chain of deception which was to drag both men through court and see the personal details of thousands with HIV splashed online.
At that time, Ler was working as a locum at My Family Clinic in Commonwealth Drive. On the morning of March 13, 2008, before leaving for work, he drew blood from his left arm and stored it in a test tube, which he took to the clinic.
Brochez went to the clinic the same evening for a blood test required by the Ministry of Manpower (MOM) for his application to work here. There, Ler took the tube of his own blood and labelled it with Brochez's details.
The blood test came up clean and Brochez received his employment pass later that month.
Using faked certificates, he landed a job at Temasek Polytechnic, teaching students early childhood studies and psychology.
Meanwhile, Ler joined the MOH and was head of its National Public Health Unit (NPHU) from March 2012 until May 2013.
That gave him access to the details of all 14,200 people who had tested positive here for the human immunodeficiency virus since 1985 - up to January 2013 in the case of locals, and up to December 2011 in the case of foreigners.
Using his position as head of the unit which gave him full access, Ler downloaded the confidential information onto a thumb drive. Somehow, it ended up in Brochez's hands.
Ironically, at one point when they had relationship problems, Brochez even complained to MOH that Ler was taking screenshots of the HIV Registry. An investigation was launched and Ler was transferred to the TB control unit.
Meanwhile, on Oct 3, 2013, having confirmed that the HIV-positive test done at a Sata clinic in March 2008 belonged to Brochez, MOH informed MOM that the American had faked his blood test.
A few days later, MOM confronted Brochez with this allegation. He denied the charge and offered to "prove" that he was innocent.
The whole rigmarole of faking the blood test was repeated in November when the American went to Twin City Medical Centre at Great World City, where Ler was working as a locum. Again, it was Ler's blood that was tested. Again the test came out clean.
Meanwhile, suspicion had been aroused and a police report was lodged against Brochez on Dec 11, 2013, for cheating on the second blood test.
The following month, in January 2014, Ler resigned from his position at the MOH, though it is not known why.
Shortly after this, the two men went to the United States, where they got married in New York City on April 24, 2014. Then they returned to Singapore and in May that year, Brochez lied to a police inspector that it was his own blood that had been tested.
Two years later, another tip-off exposed his web of lies.
In May 2016, the MOH was told that Brochez possessed confidential information that had come from the HIV Registry. It lodged a police report.
On May 24, 2016, both men were arrested as their old lies about the faked blood tests came back to haunt them. At around 10pm that night, the police searched the men's home at Lorong N Telok Kurau. There they found drugs, including cannabis and ketamine.
Police also seized and secured all "relevant material".
The police found certificates of a bachelor's degree, a master's and a doctorate - supposedly from the University of Paris - which had enabled Brochez to teach in Singapore and attend conferences.
Brochez's degree certificates, too, were found to have been faked.
In his defence, he said that he and Ler were in love and the only way for them to be together was to fake the blood test on account of "discriminatory" laws in Singapore.
On March 28, 2017, Brochez was sentenced to 28 months in jail. Since he had already spent time in custody before that, he was released from prison in April last year. He was then deported.
There was another twist to come. After he had left Singapore, the MOH got yet another tip-off in May last year that Brochez still had the information stolen from the HIV Registry.
The ministry lodged another police report and tried to contact and tell affected people of this breach.
Then, on Jan 22, the police told the ministry that Brochez may have made the confidential information public. In a couple of days, MOH was able to ascertain that the data was from the HIV Registry.
Details of thousands of people with HIV had been put online and Brochez, who has long left Singapore, could make the information public again - even though the current links have been blocked.
Ler, meanwhile, had been sentenced to 24 months in jail in September last year for abetting Brochez's cheating offence. He has appealed against the sentence and also faces another charge of mishandling confidential information under the Official Secrets Act.
While he remains a doctor for now, his certificate to practise medicine here expired at the end of last year and has not been renewed.
The Singapore Medical Council told The Straits Times: "Dr Ler Teck Siang's Practising Certificate (PC) expired on Dec 31, 2018.
"The renewal of his PC is under review as he was convicted in September 2018 of abetting Brochez to commit cheating and providing false information to the police and the Ministry of Health, and sentenced to 24 months' imprisonment, and he currently faces other pending charges under the Official Secrets Act and Misuse of Drugs Act."
Meanwhile, amid this tangled love affair, thousands of people with HIV have been stripped of their right to keep that information confidential.
Ministry of Manpower: HIV-positive staff protected from wrongful dismissal
By Joyce Lim, Senior Correspondent, The Straits Times, 31 Jan 2019
Laws are in place to protect HIV-positive local employees from wrongful dismissal, said the Ministry of Manpower (MOM).
It added that it has not received any past complaints or appeals against wrongful dismissal on the grounds of an employee's HIV status.
Responding to queries from The Straits Times, MOM said yesterday: "The Employment Act empowers the Minister for Manpower to direct an employer to reinstate an employee who has been wrongfully dismissed in his former job and to pay the employee for the loss of income, or direct the employer to compensate the employee.
"In the case of a unionised employee, the union may appeal to the Minister for Manpower under the Industrial Relations Act."
It also called on all employers "to treat employees fairly and based on merit, and not discriminate against any employee just because of his or her HIV status".
A dismissal can be deemed wrongful if there has been discrimination on any of various grounds, including a medical condition.
But a human resource director in the hospitality industry said she would sack her service staff if they were among the 14,200 people diagnosed with HIV and named in the leaked data.
"If it is a service staff who handles food, he will endanger the health of others he comes into contact with, especially when he has an open wound," she said.
Action for Aids (AfA) president Roy Chan, who is also a medical doctor, said such "uncalled for and unjustified" reactions stop people with HIV from revealing their condition.
The data breach - in which confidential details such as names, addresses and HIV status were leaked online-has resulted in much anxiety within the community.
"HIV is infectious through sexual activity and not through contact in the social environment. In fact, patients on treatment are not infectious to others when they have sex," said Professor Chan.
"You don't get fired for having tuberculosis or malaria. Why HIV? Now, it can be treated. We are keeping them alive, and they need to earn a living so they can pay for their treatment."
AfA saw eight cases of wrongful dismissal last year.
Some employers said they would transfer staff with HIV to positions they deem less risky.
A HR manager in the healthcare sector said all company staff have to go through HIV tests. Those who test positive are kept away from contact with patients.
"HIV is not the end of employment. We will redeploy them to other positions," said the manager.
In a Facebook post yesterday, Speaker of Parliament Tan Chuan-Jin called on Singaporeans to be more empathetic and not participate in the online hate towards those named in the data leak.
"It is tremendously challenging for those whose names may be in the lists. They are fearful and traumatised. But they are fearful and traumatised because they fear the response and reactions of their loved ones, colleagues, friends. And the public. Our response," Mr Tan wrote.
Prof Chan urged the authorities to review the laws which he felt are "out of date and out of line with what we try to say". For example, he would like to see foreigners with HIV be allowed to work here.
Currently, MOM reviews the medical examination reports of all foreign workers as part of the work pass application process.
Those found to have specific infectious diseases, including HIV, are not issued work passes and must leave Singapore.
The Health Ministry said in 2005 that measures like HIV screening of foreigners seeking immigration passes and deporting those infected were put in place to safeguard the public health of locals.
* Parliament: Gan Kim Yong defends how HIV data breach has been handled
Judgment call was made balancing need for transparency and impact on those affected
By Salma Khalik, Senior Health Correspondent, The Straits Times, 13 Feb 2019
Health Minister Gan Kim Yong yesterday defended the way the authorities handled the HIV Registry data breach, and said public disclosure of the matter was a judgment call balancing the need to be transparent and how it would affect the people on the list.
He told Parliament that while action has been taken to delete the information that had been leaked, the authorities are still monitoring further exposure of the data.
Last month, the Government revealed that details of 14,200 Singaporeans and foreigners diagnosed with HIV were stolen and posted online. The person who did it was American lecturer Mikhy Farrera Brochez, who was deported last year after serving a jail term for fraud and drug-related offences.
Brochez, who is HIV-positive, had twice used the blood of his doctor boyfriend Ler Teck Siang for an HIV test to get an Employment Pass.
Ler was head of the National Public Health Unit and had downloaded the HIV Registry onto a thumb drive. Brochez got his hands on it.
In a ministerial statement after MPs raised questions on how the matter had been handled, Mr Gan said that the well-being of those on the registry weighed heavily in how the authorities responded.
When the Ministry of Health (MOH) first found out in 2016 that Brochez had access to the confidential information, it had to decide whether to inform those affected and to publicise the matter.
The decision in 2016 was not to inform those on the list or make the data breach public.
Some were foreigners who had applied for work passes but never worked in Singapore. Others had previously worked in Singapore but are no longer here.
Of the 14,200 people whose personal information was leaked by American Mikhy Farrera Brochez on Jan 22, 8,800 were foreigners and the remaining 5,400 Singaporeans and permanent residents. Of the Singaporeans, 3,500 are alive.
Mr Gan said MOH's medical social workers identified the patients likely to require more support so that designated officers could exercise extra care when calling them. Counsellors were also on standby to speak to those in distress or who required more advice and support.
He noted that some affected individuals may prefer to discuss their concerns with those they are more familiar with, such as the medical social workers, nurses and doctors who have been supporting their ongoing care and treatment.
"We have arranged with the relevant public hospitals to have medical social workers and doctors on site to attend to them," said Mr Gan.
"Understandably, despite these efforts, some will continue to be concerned. Some may decline to return to care because of the fear of future disclosure. Some felt we should have just informed the affected individuals. A few wished they had not been called at all."
Mr Gan said medical social workers were themselves distressed by the news they had to break, and felt the anguish that the patients experienced when they were told.
He added that they had to conduct the calls carefully and gently, and be alert to signs of distress so that they could help the patients appropriately. The medical social workers have, at times, become the target of anger and blame, but still would do their best to support the affected persons, said Mr Gan.
"These reactions are not unexpected. They were the reasons we made a judgment call in 2016 not to make a public announcement, and in 2018 to inform only the affected patients," he added.
Several MPs asked how MOH will help to destigmatise HIV following the leak. Nominated MP Walter Theseira suggested changes to immigration and employment restrictions on foreigners with HIV.
Mr Gan said such policies are reviewed regularly, taking into account international practices and the concerns of Singaporeans. Some adjustments, like lifting the restriction on people living with HIV coming here for short-term stays, have been made over the years.
But he said the Government must be very cautious in approaching the issue as HIV remains "a very serious infectious disease". Restrictions on long-term stays remain in place.
Mr Gan said HIV testing and counselling services are more widely available, with 10 sites across the island offering anonymous testing.
He also said that MOH will continue to work with groups like Action for Aids to step up public education, stigma reduction, treatment and counselling, but that destigmatisation efforts have to cut across society.
"How each of us as individuals relates to persons with HIV also matters a lot," said Mr Gan.
"Here, I would like to appeal to Singaporeans to stand in support of these affected individuals and our efforts to fight the stigma against persons living with HIV."
By Joyce Lim, Senior Correspondent, The Straits Times, 31 Jan 2019
Laws are in place to protect HIV-positive local employees from wrongful dismissal, said the Ministry of Manpower (MOM).
It added that it has not received any past complaints or appeals against wrongful dismissal on the grounds of an employee's HIV status.
Responding to queries from The Straits Times, MOM said yesterday: "The Employment Act empowers the Minister for Manpower to direct an employer to reinstate an employee who has been wrongfully dismissed in his former job and to pay the employee for the loss of income, or direct the employer to compensate the employee.
"In the case of a unionised employee, the union may appeal to the Minister for Manpower under the Industrial Relations Act."
It also called on all employers "to treat employees fairly and based on merit, and not discriminate against any employee just because of his or her HIV status".
A dismissal can be deemed wrongful if there has been discrimination on any of various grounds, including a medical condition.
But a human resource director in the hospitality industry said she would sack her service staff if they were among the 14,200 people diagnosed with HIV and named in the leaked data.
"If it is a service staff who handles food, he will endanger the health of others he comes into contact with, especially when he has an open wound," she said.
Action for Aids (AfA) president Roy Chan, who is also a medical doctor, said such "uncalled for and unjustified" reactions stop people with HIV from revealing their condition.
The data breach - in which confidential details such as names, addresses and HIV status were leaked online-has resulted in much anxiety within the community.
"HIV is infectious through sexual activity and not through contact in the social environment. In fact, patients on treatment are not infectious to others when they have sex," said Professor Chan.
"You don't get fired for having tuberculosis or malaria. Why HIV? Now, it can be treated. We are keeping them alive, and they need to earn a living so they can pay for their treatment."
AfA saw eight cases of wrongful dismissal last year.
Some employers said they would transfer staff with HIV to positions they deem less risky.
A HR manager in the healthcare sector said all company staff have to go through HIV tests. Those who test positive are kept away from contact with patients.
"HIV is not the end of employment. We will redeploy them to other positions," said the manager.
In a Facebook post yesterday, Speaker of Parliament Tan Chuan-Jin called on Singaporeans to be more empathetic and not participate in the online hate towards those named in the data leak.
"It is tremendously challenging for those whose names may be in the lists. They are fearful and traumatised. But they are fearful and traumatised because they fear the response and reactions of their loved ones, colleagues, friends. And the public. Our response," Mr Tan wrote.
Prof Chan urged the authorities to review the laws which he felt are "out of date and out of line with what we try to say". For example, he would like to see foreigners with HIV be allowed to work here.
Currently, MOM reviews the medical examination reports of all foreign workers as part of the work pass application process.
Those found to have specific infectious diseases, including HIV, are not issued work passes and must leave Singapore.
The Health Ministry said in 2005 that measures like HIV screening of foreigners seeking immigration passes and deporting those infected were put in place to safeguard the public health of locals.
* Parliament: Gan Kim Yong defends how HIV data breach has been handled
Judgment call was made balancing need for transparency and impact on those affected
By Salma Khalik, Senior Health Correspondent, The Straits Times, 13 Feb 2019
Health Minister Gan Kim Yong yesterday defended the way the authorities handled the HIV Registry data breach, and said public disclosure of the matter was a judgment call balancing the need to be transparent and how it would affect the people on the list.
He told Parliament that while action has been taken to delete the information that had been leaked, the authorities are still monitoring further exposure of the data.
Last month, the Government revealed that details of 14,200 Singaporeans and foreigners diagnosed with HIV were stolen and posted online. The person who did it was American lecturer Mikhy Farrera Brochez, who was deported last year after serving a jail term for fraud and drug-related offences.
Brochez, who is HIV-positive, had twice used the blood of his doctor boyfriend Ler Teck Siang for an HIV test to get an Employment Pass.
Ler was head of the National Public Health Unit and had downloaded the HIV Registry onto a thumb drive. Brochez got his hands on it.
In a ministerial statement after MPs raised questions on how the matter had been handled, Mr Gan said that the well-being of those on the registry weighed heavily in how the authorities responded.
When the Ministry of Health (MOH) first found out in 2016 that Brochez had access to the confidential information, it had to decide whether to inform those affected and to publicise the matter.
"These were not straightforward decisions. On the one hand, there is the need to be transparent. On the other hand, we need to consider the impact of an announcement on the affected persons with HIV - would it serve their interest, or harm them instead?" he said. Doctors at MOH felt that particular attention had to be paid to the concerns of HIV patients, as HIV status is a deeply emotional and personal matter.
At that time, there was also no evidence that the confidential information had been disseminated to the public. Whatever data Brochez had revealed had also been seized or deleted by the police, said Mr Gan.
The decision in 2016 was not to inform those on the list or make the data breach public.
But last year, when Brochez sent a screenshot of 31 registry records to several government agencies, MOH decided to contact and alert the 31 affected individuals as it could not retrieve the screenshot.
Mr Gan said MOH did not disclose the leak then as there was no evidence that Brochez had more than these records. It also felt a public announcement could create anxiety and distress among all whose names were on the registry.
Then last month, when Brochez put the full contents of the HIV Registry up to January 2013 online and provided the link to a non-government party, the likelihood of the identities being made public increased significantly.
"MOH therefore decided to make a public announcement on Jan 28 even though we remained deeply concerned about the impact this would have on the affected persons," said Mr Gan.
Then last month, when Brochez put the full contents of the HIV Registry up to January 2013 online and provided the link to a non-government party, the likelihood of the identities being made public increased significantly.
"MOH therefore decided to make a public announcement on Jan 28 even though we remained deeply concerned about the impact this would have on the affected persons," said Mr Gan.
"We sought to quickly contact each of the affected individuals to inform them of the circumstances and also offer them assistance prior to the announcement. We worked with the police and other relevant parties to disable access to the information as quickly as possible."
Mr Gan stressed that at each juncture in 2016, last year and this year, MOH had to make judgment calls.
Mr Gan stressed that at each juncture in 2016, last year and this year, MOH had to make judgment calls.
"It is arguable that MOH should have made a different call. But I reject any allegation that MOH sought to cover up the incident," he said, alluding to comments that the ministry had been less than open about the matter. He added: "On all three occasions, MOH's primary concern was the well-being of the persons on the HIV Registry."
He also elaborated on how the ministry had been tightening security of the HIV Registry since 2012, even before the issue surfaced.
Wrapping up, he said this has been "a regrettable incident caused by the irresponsible and deplorable actions of two individuals".
Ler betrayed the trust of the ministry and the medical profession.
Mr Gan said: "I am sorry that the irresponsible actions of one of our officers have resulted in such distress to the affected persons."
As for Brochez, he said: "We will spare no effort in bringing him to justice again for his latest crime."
As for Brochez, he said: "We will spare no effort in bringing him to justice again for his latest crime."
How the HIV data leak was handled
In Parliament yesterday, Health Minister Gan Kim Yong explained how information from Singapore's HIV Registry had fallen into the wrong hands and was disclosed online, and what action the authorities took.
By Rei Kurohi, The Straits Times, 13 Feb 2019
NOV 2012
American lecturer Mikhy Farrera Brochez complains to the Ministry of Health (MOH) that his Singaporean boyfriend Ler Teck Siang, then head of the National Public Health Unit, had disclosed to others information about Brochez's HIV status.
Brochez also claims that Ler had shared screenshots of his HIV status with others.
MOH attempts to engage Brochez, but he is uncooperative and evasive, and postpones meetings. At one point, he says he does not want to continue with the investigations into his allegations. MOH keeps up the investigation nonetheless.
MAY 2013
Ler is reassigned to another role. His access to the live HIV Registry is terminated.
DEC 2013
MOH discovers that Brochez may have submitted fake HIV blood tests to the Ministry of Manpower (MOM) to retain his Employment Pass.
MOH informs MOM and makes a police report.
JAN 2014
Ler resigns from MOH.
The police and MOH begin investigating whether Brochez had submitted fake blood tests and whether Ler had abetted him and provided false information to investigators.
MAY 2014
Brochez continues to be uncooperative with the police, and at first refuses to provide a statement to the police.
That month, he is stopped from leaving Singapore, and gives a police statement. In it, he lies to the police that it was his blood that was tested during a HIV test conducted in November 2013.
MOH orders Brochez to undergo a new blood test, but he refuses.
APRIL 2016
Brochez is arrested for repeatedly refusing to take a blood test. He provides police and other government authorities with a list of 75 names and particulars from the HIV Registry.
This is the first time MOH has evidence that Brochez may have access to the confidential data, said Mr Gan.
MAY 2016
MOH makes another police report on May 16.
Police raid Ler's and Brochez's premises, seizing computers, electronic storage devices and other materials.
Police discover that Brochez had sent a further 46 records from the registry to his mother by e-mail. She agrees to let police access her account and delete the records. MOH says the police, at this point, have seized everything found in the duo's possession and have done their best to ensure no confidential information remained with them.
A decision is taken not to make a public announcement as it "would not serve the interests of the affected individuals", said Mr Gan.
JUNE 2016
Ler and Brochez are charged in court.
Ler is charged under the Penal Code and the Official Secrets Act (OSA). His charge sheet, which is public information, states he had access to the HIV Registry as part of his position at MOH, and that he had failed to take reasonable care of the information in the registry by failing to retain possession of a thumb drive on which he had saved the registry.
Brochez is charged under the Misuse of Drugs Act, Penal Code and the Infectious Diseases Act.
The Attorney-General's Chambers decides not to charge him under the OSA. It assesses that he would likely be sentenced to a fine only or at most a few weeks in jail as there had been no wide dissemination of the information at that stage, and he had primarily used the information to complain to government agencies. His other charges are more serious and carry "far heavier penalties".
Brochez is issued a stern warning under the OSA.
MARCH 2017
Brochez is convicted and jailed for 28 months, inclusive of time he had served in remand since June 2016.
APRIL 2018
Brochez is released from jail and deported.
MAY 2018
Brochez sends a screenshot to several government authorities containing the details of 31 persons. They are found to be among the original 75 names he disclosed in 2016.
MOH makes another police report.
It also decides to contact the 31 individuals to inform them. This was because unlike before, it could not retrieve the screenshot of the 31 records in Brochez's possession.
MOH did not make a public announcement as there was still no specific evidence Brochez had more information beyond these 31 records. Also, he had shared it only with the government authorities and not with any wider audience. "A public announcement would create anxiety and distress not just among the 31 persons, but also other HIV patients whose names were in the registry," said Mr Gan.
SEPT 2018
Ler is convicted and sentenced to 24 months in jail. He appeals and is scheduled to appear in court in March 2019. His OSA charge is currently stood down, but will be dealt with after proceedings on his other charges have concluded.
JAN 2019
MOH becomes aware that Brochez probably still possessed the entire HIV Registry beyond the 31 records. He had also put the information online and provided the link to a non-government party.
This means the likelihood of him making public the identities of affected persons rises significantly. MOH decides to make a public announcement. It also contacts affected persons and works with the police and other parties to disable access to the information quickly.
In Parliament yesterday, Health Minister Gan Kim Yong explained how information from Singapore's HIV Registry had fallen into the wrong hands and was disclosed online, and what action the authorities took.
By Rei Kurohi, The Straits Times, 13 Feb 2019
NOV 2012
American lecturer Mikhy Farrera Brochez complains to the Ministry of Health (MOH) that his Singaporean boyfriend Ler Teck Siang, then head of the National Public Health Unit, had disclosed to others information about Brochez's HIV status.
Brochez also claims that Ler had shared screenshots of his HIV status with others.
MOH attempts to engage Brochez, but he is uncooperative and evasive, and postpones meetings. At one point, he says he does not want to continue with the investigations into his allegations. MOH keeps up the investigation nonetheless.
MAY 2013
Ler is reassigned to another role. His access to the live HIV Registry is terminated.
DEC 2013
MOH discovers that Brochez may have submitted fake HIV blood tests to the Ministry of Manpower (MOM) to retain his Employment Pass.
MOH informs MOM and makes a police report.
JAN 2014
Ler resigns from MOH.
The police and MOH begin investigating whether Brochez had submitted fake blood tests and whether Ler had abetted him and provided false information to investigators.
MAY 2014
Brochez continues to be uncooperative with the police, and at first refuses to provide a statement to the police.
That month, he is stopped from leaving Singapore, and gives a police statement. In it, he lies to the police that it was his blood that was tested during a HIV test conducted in November 2013.
MOH orders Brochez to undergo a new blood test, but he refuses.
APRIL 2016
Brochez is arrested for repeatedly refusing to take a blood test. He provides police and other government authorities with a list of 75 names and particulars from the HIV Registry.
This is the first time MOH has evidence that Brochez may have access to the confidential data, said Mr Gan.
MAY 2016
MOH makes another police report on May 16.
Police raid Ler's and Brochez's premises, seizing computers, electronic storage devices and other materials.
Police discover that Brochez had sent a further 46 records from the registry to his mother by e-mail. She agrees to let police access her account and delete the records. MOH says the police, at this point, have seized everything found in the duo's possession and have done their best to ensure no confidential information remained with them.
A decision is taken not to make a public announcement as it "would not serve the interests of the affected individuals", said Mr Gan.
JUNE 2016
Ler and Brochez are charged in court.
Ler is charged under the Penal Code and the Official Secrets Act (OSA). His charge sheet, which is public information, states he had access to the HIV Registry as part of his position at MOH, and that he had failed to take reasonable care of the information in the registry by failing to retain possession of a thumb drive on which he had saved the registry.
Brochez is charged under the Misuse of Drugs Act, Penal Code and the Infectious Diseases Act.
The Attorney-General's Chambers decides not to charge him under the OSA. It assesses that he would likely be sentenced to a fine only or at most a few weeks in jail as there had been no wide dissemination of the information at that stage, and he had primarily used the information to complain to government agencies. His other charges are more serious and carry "far heavier penalties".
Brochez is issued a stern warning under the OSA.
MARCH 2017
Brochez is convicted and jailed for 28 months, inclusive of time he had served in remand since June 2016.
APRIL 2018
Brochez is released from jail and deported.
MAY 2018
Brochez sends a screenshot to several government authorities containing the details of 31 persons. They are found to be among the original 75 names he disclosed in 2016.
MOH makes another police report.
It also decides to contact the 31 individuals to inform them. This was because unlike before, it could not retrieve the screenshot of the 31 records in Brochez's possession.
MOH did not make a public announcement as there was still no specific evidence Brochez had more information beyond these 31 records. Also, he had shared it only with the government authorities and not with any wider audience. "A public announcement would create anxiety and distress not just among the 31 persons, but also other HIV patients whose names were in the registry," said Mr Gan.
SEPT 2018
Ler is convicted and sentenced to 24 months in jail. He appeals and is scheduled to appear in court in March 2019. His OSA charge is currently stood down, but will be dealt with after proceedings on his other charges have concluded.
JAN 2019
MOH becomes aware that Brochez probably still possessed the entire HIV Registry beyond the 31 records. He had also put the information online and provided the link to a non-government party.
This means the likelihood of him making public the identities of affected persons rises significantly. MOH decides to make a public announcement. It also contacts affected persons and works with the police and other parties to disable access to the information quickly.
Parliament: MOH had to exercise care, judgment in deciding whether to inform public on HIV data data leak, says Gan Kim Yong
By Rei Kurohi, The Straits Times, 13 Feb 2019
A key factor in the Government's decision not to disclose the HIV Registry data breach when it first came to light in 2016 was that there was no evidence the information had been disseminated to the public then, Health Minister Gan Kim Yong told Parliament yesterday.
Another was the sensitivity surrounding HIV status.
In April 2016, American Mikhy Farrera Brochez revealed to the authorities that he had names and particulars from the registry.
The Ministry of Health (MOH) had to decide whether to inform the affected persons and make a public announcement about this. It decided not to.
"On the one hand, there is the need to be transparent. On the other hand, we need to consider the impact of an announcement on the affected persons with HIV - would it serve their interest, or harm them instead?" said Mr Gan.
He discussed this with medical colleagues in MOH. "They emphasised the need to pay particular attention to the concerns and needs of HIV patients. A person's HIV status is a deeply emotional and personal matter. Some patients will experience high anxiety and distress from a disclosure or announcement," he said.
"Some will feel compelled to reveal their HIV status to family members or friends. Relationships can be disrupted; lives can be changed. We had to exercise care and judgment in making our decision, and the well-being of the affected persons weighed heavily in our considerations."
Brochez sent the names and particulars of 75 individuals to the police and government authorities in April 2016. After an "extensive" search of his residence, computers, storage devices and e-mail account, the police seized or deleted all relevant information they found.
The police also found that Brochez had e-mailed a further 46 records to his mother. She agreed to let the police access her e-mail account and delete the records.
Mr Gan said: "While there could be no guarantee, MOH had good reason to believe that the information had been secured and the risk of future exposure significantly mitigated."
By Rei Kurohi, The Straits Times, 13 Feb 2019
A key factor in the Government's decision not to disclose the HIV Registry data breach when it first came to light in 2016 was that there was no evidence the information had been disseminated to the public then, Health Minister Gan Kim Yong told Parliament yesterday.
Another was the sensitivity surrounding HIV status.
In April 2016, American Mikhy Farrera Brochez revealed to the authorities that he had names and particulars from the registry.
The Ministry of Health (MOH) had to decide whether to inform the affected persons and make a public announcement about this. It decided not to.
"On the one hand, there is the need to be transparent. On the other hand, we need to consider the impact of an announcement on the affected persons with HIV - would it serve their interest, or harm them instead?" said Mr Gan.
He discussed this with medical colleagues in MOH. "They emphasised the need to pay particular attention to the concerns and needs of HIV patients. A person's HIV status is a deeply emotional and personal matter. Some patients will experience high anxiety and distress from a disclosure or announcement," he said.
"Some will feel compelled to reveal their HIV status to family members or friends. Relationships can be disrupted; lives can be changed. We had to exercise care and judgment in making our decision, and the well-being of the affected persons weighed heavily in our considerations."
Brochez sent the names and particulars of 75 individuals to the police and government authorities in April 2016. After an "extensive" search of his residence, computers, storage devices and e-mail account, the police seized or deleted all relevant information they found.
The police also found that Brochez had e-mailed a further 46 records to his mother. She agreed to let the police access her e-mail account and delete the records.
Mr Gan said: "While there could be no guarantee, MOH had good reason to believe that the information had been secured and the risk of future exposure significantly mitigated."
Of the decision to go public, he said: "Ultimately, it was a judgment call, to be made based on the information we had, the considerations for and against an announcement, and the assessed risk of future public exposure of the information."
He said MOH judged that, on balance, an announcement then would not serve the interests of the affected individuals when weighed against the inevitable anxiety and distress they would experience.
Brochez was deported in April last year after serving his sentence for drug use and cheating offences.
Last May, he sent a screenshot containing 31 records from the HIV Registry to several government authorities, indicating that he still possessed data from the registry.
MOH then contacted the affected individuals to inform them of the leak, but it decided not to inform the public as the 31 records were part of the 75 Brochez had previously disclosed.
Mr Gan said: "As on previous occasions, Brochez had only shared it with government authorities, and not to any wider audience. A public announcement would create anxiety and distress not just among the 31 persons, but also other HIV patients whose names were in the registry."
Last month, Brochez put the entire contents of the HIV Registry up to January 2013 online and sent the link to a non-government party.
MOH then decided to make a public announcement on Jan 28 as the likelihood of the affected people's identities being made public had increased significantly, Mr Gan said.
Some individuals then told MOH that Brochez had attempted to contact them last year and had given them links to confidential information he had uploaded online.
It was similar to what he uploaded last month, and no new individuals were affected. MOH worked with other authorities to block access to this information, Mr Gan said.
He said that at each juncture when it came to light that Brochez had information from the registry - May 2016, May last year and last month - MOH had a responsibility to balance the opposing considerations and exercise judgment.
"It is arguable that MOH should have made a different call. But I reject any allegation that MOH sought to cover up the incident," he said.
He stressed that on all three occasions, MOH's primary concern was the well-being of the persons on the HIV Registry.
The authorities still face the same dilemma today. "We now know that Brochez retained some data after the police seized all the files they could find in 2016. Quite possibly, he still has more files in his possession," said Mr Gan.
"Should MOH now make known all that Brochez may or may not still possess? Do we contact every person whose data may or may not be at risk? And in the process inflict more harm on people even though it may ultimately turn out that Brochez in fact does not have the information?"
He said MOH has decided to continue to manage the situation in a way that reduces the possibility of further exposure.
"This is consistent with the decision taken in 2016, and again in 2018. It is based on what we believe to be in the interest of the potentially affected persons."
Mr Gan said: "As on previous occasions, Brochez had only shared it with government authorities, and not to any wider audience. A public announcement would create anxiety and distress not just among the 31 persons, but also other HIV patients whose names were in the registry."
Last month, Brochez put the entire contents of the HIV Registry up to January 2013 online and sent the link to a non-government party.
MOH then decided to make a public announcement on Jan 28 as the likelihood of the affected people's identities being made public had increased significantly, Mr Gan said.
Some individuals then told MOH that Brochez had attempted to contact them last year and had given them links to confidential information he had uploaded online.
It was similar to what he uploaded last month, and no new individuals were affected. MOH worked with other authorities to block access to this information, Mr Gan said.
He said that at each juncture when it came to light that Brochez had information from the registry - May 2016, May last year and last month - MOH had a responsibility to balance the opposing considerations and exercise judgment.
"It is arguable that MOH should have made a different call. But I reject any allegation that MOH sought to cover up the incident," he said.
He stressed that on all three occasions, MOH's primary concern was the well-being of the persons on the HIV Registry.
The authorities still face the same dilemma today. "We now know that Brochez retained some data after the police seized all the files they could find in 2016. Quite possibly, he still has more files in his possession," said Mr Gan.
"Should MOH now make known all that Brochez may or may not still possess? Do we contact every person whose data may or may not be at risk? And in the process inflict more harm on people even though it may ultimately turn out that Brochez in fact does not have the information?"
He said MOH has decided to continue to manage the situation in a way that reduces the possibility of further exposure.
"This is consistent with the decision taken in 2016, and again in 2018. It is based on what we believe to be in the interest of the potentially affected persons."
Parliament: MPs ask about support for those affected by HIV data leak and recourse available
By Salma Khalik, Senior Health Correspondent, The Straits Times, 13 Feb 2019
Following Health Minister Gan Kim Yong's ministerial statement yesterday on the leak of confidential data from the HIV Registry, several MPs raised questions and voiced concerns over how it happened.
Some also gave suggestions on how to prevent a similar incident or to better support the affected individuals. Here are some of the questions they asked and the replies from Mr Gan as well as Home Affairs and Law Minister K. Shanmugam.
CONCERNS ABOUT BLACKMAIL ATTEMPTS
Dr Lim Wee Kiak (Sembawang GRC) asked if American Mikhy Farrera Brochez, who posted confidential HIV information online, had attempted to blackmail or make demands of people on the HIV Registry.
Mr Gan said he could not go into details as the case is under police investigation. What he did say was: "Brochez is not very consistent in his communication with all the relevant parties. So, it is very difficult to fathom what is his motive in sending these letters or demands.
"So far, we have not received any complaints or feedback on blackmail or threats from patients or from any of our contacts."
CONCERNS ABOUT PROSECUTION OF RECIPIENTS OF HIV DATA
Non-Constituency MP Daniel Goh asked if a person contacted by Brochez, who does not report this and "any leakage of confidential information", is liable for prosecution.
Mr Shanmugam replied that while "technically there could potentially be some offences under the Official Secrets Act", action is unlikely to be taken against anyone who informs or sends the information received to the Government.
SUPPORT FOR AFFECTED INDIVIDUALS WITH HIV
Ms Tin Pei Ling (MacPherson) asked what the risk of potential suicide was among those affected, and the support the MOH is giving them to "help them tide over this very difficult period".
Mr Gan said feedback he received from medical social workers indicated that there were some people who were suicidal when told that their details had gone public.
He said the social workers "had to manage the case very delicately" by sensing the distress the patients were facing and making a judgment "how much to tell them, how much to stress them further or to refer them to help", he said.
When they came across someone with "clear intention to do something drastic", they might refer them to an expert from the Institute of Mental Health.
But more often, he said, they would refer them to someone the person is familiar with, such as someone in their support group.
RECOURSE FOR THOSE WHO WERE AFFECTED
Nominated Member of Parliament Irene Quay asked: "What will be the recourse for victims, that the victims can seek, as a result of this exposure of sensitive information?"
Mr Gan said patients can take civil action against MOH on breach of data or loss of data.
But he added that MOH would "encourage them to talk to us and we will discuss with them what are the ways to help them and to support them in whichever way we can".
HIV data leak: MOH aware only in 2016 that Mikhy Farrera Brochez had access to data, says Gan Kim Yong
It had no basis to suspect he was in possession of HIV Registry data in 2012 or 2013
By Fabian Koh, The Straits Times, 13 Feb 2019
When he first informed the authorities in 2012 that his partner had disclosed information about his HIV status to others and shared screenshots of this, Mikhy Farrera Brochez, the American at the centre of the leak of Singapore's HIV Registry, was uncooperative and did not provide any evidence.
And that is why investigations did not make much headway, Health Minister Gan Kim Yong told Parliament yesterday when several MPs raised questions on whether the Ministry of Health (MOH) had known about Brochez's possible access to information from the HIV Registry as early as 2012.
In a ministerial statement setting out the chronology of events, Mr Gan said the issue in 2012 was not about Brochez's access to the registry, but whether his partner Ler Teck Siang, a doctor who headed the National Public Health Unit, had revealed the American's HIV status to other people. Brochez was then living with Ler .
In November 2012, Brochez alleged to MOH that Ler had disclosed information about Brochez's HIV status to others. "He later also claimed that Ler had shared screenshots of his HIV status with others," said Mr Gan.
"Despite multiple attempts by MOH to engage him, Brochez did not provide any evidence to support his allegation. He was uncooperative and evasive, and rejected or postponed meetings with MOH on several occasions," said Mr Gan.
"At one point, he even informed MOH officers that he was leaving Singapore and did not want to continue with the investigation into his allegation. Due to his uncooperative attitude, the investigation could not make much headway."
Nevertheless, the ministry reassigned Ler to another role in May 2013 and kept up the investigation. The doctor's access to the live HIV Registry was terminated after his reassignment, he said.
In the course of its investigation, MOH discovered in December 2013 that Brochez may have submitted fake HIV blood tests to the Ministry of Manpower (MOM) in order to retain his Employment Pass. MOH informed MOM and also made a police report. Ler resigned the following month.
Mr Gan said: "MOH's investigations in 2012 and 2013 were on Brochez's allegation that Ler had revealed Brochez's HIV status to others. At no point in 2012 or 2013 did MOH have basis to suspect that Brochez had access to, or was in possession of, the data in the HIV Registry."
Between 2014 and 2016, the police and MOH investigated whether Brochez had indeed faked his blood tests, and whether Ler had abetted him and provided false information to investigators. Mr Gan said the investigations were difficult as Brochez refused to provide a statement, until May 2014, when he was stopped while trying to leave Singapore. He lied that it was his blood that was used in a HIV test in November 2013.
MOH ordered him to undergo a fresh blood test for HIV to verify the claim, but Brochez refused. In late April 2016, he was arrested for refusing to comply with the orders to take a blood test.
He then provided the police and the government authorities with 75 names and particulars from the HIV Registry. Following this, MOH made a police report on May 16, 2016.
"This was the first time MOH had evidence that Brochez may have access to confidential HIV-related data," said Mr Gan.
The police raided Ler's and Brochez's premises simultaneously and "seized and secured all relevant materials".
"These included their computers and electronic storage devices containing files with confidential information from the HIV Registry, files related to hospital services and to other infectious diseases, as well as other information likely used by Ler for his work such as e-mails, HIV studies and reports," said Mr Gan.
The police searched through Brochez's e-mail account and found that he had sent the same screenshot that he had sent to the government authorities, as well as a PDF file of a further 46 records from the HIV Registry, to his mother.
The police contacted Brochez's mother, who agreed to let the police access her e-mail account and delete those records.
Mr Gan said: "At this point, the police had seized everything they found in Ler's and Brochez's possession, and had done their best to ensure that no further confidential information remained with Ler and Brochez, including in their known online accounts."
He added: "It was always recognised that there was a risk that Brochez could have hidden away some more information. Unfortunately, as recent events showed, Brochez did manage to retain at least some data which he has recently disclosed, and we cannot rule out the possibility that he has more."
Ler and Brochez were both charged in court in June 2016. Ler was charged under the Penal Code and Official Secrets Act. Brochez was charged with offences under the Misuse of Drugs Act, Penal Code and Infectious Diseases Act.
By Salma Khalik, Senior Health Correspondent, The Straits Times, 13 Feb 2019
Following Health Minister Gan Kim Yong's ministerial statement yesterday on the leak of confidential data from the HIV Registry, several MPs raised questions and voiced concerns over how it happened.
Some also gave suggestions on how to prevent a similar incident or to better support the affected individuals. Here are some of the questions they asked and the replies from Mr Gan as well as Home Affairs and Law Minister K. Shanmugam.
CONCERNS ABOUT BLACKMAIL ATTEMPTS
Dr Lim Wee Kiak (Sembawang GRC) asked if American Mikhy Farrera Brochez, who posted confidential HIV information online, had attempted to blackmail or make demands of people on the HIV Registry.
Mr Gan said he could not go into details as the case is under police investigation. What he did say was: "Brochez is not very consistent in his communication with all the relevant parties. So, it is very difficult to fathom what is his motive in sending these letters or demands.
"So far, we have not received any complaints or feedback on blackmail or threats from patients or from any of our contacts."
CONCERNS ABOUT PROSECUTION OF RECIPIENTS OF HIV DATA
Non-Constituency MP Daniel Goh asked if a person contacted by Brochez, who does not report this and "any leakage of confidential information", is liable for prosecution.
Mr Shanmugam replied that while "technically there could potentially be some offences under the Official Secrets Act", action is unlikely to be taken against anyone who informs or sends the information received to the Government.
SUPPORT FOR AFFECTED INDIVIDUALS WITH HIV
Ms Tin Pei Ling (MacPherson) asked what the risk of potential suicide was among those affected, and the support the MOH is giving them to "help them tide over this very difficult period".
Mr Gan said feedback he received from medical social workers indicated that there were some people who were suicidal when told that their details had gone public.
He said the social workers "had to manage the case very delicately" by sensing the distress the patients were facing and making a judgment "how much to tell them, how much to stress them further or to refer them to help", he said.
When they came across someone with "clear intention to do something drastic", they might refer them to an expert from the Institute of Mental Health.
But more often, he said, they would refer them to someone the person is familiar with, such as someone in their support group.
RECOURSE FOR THOSE WHO WERE AFFECTED
Nominated Member of Parliament Irene Quay asked: "What will be the recourse for victims, that the victims can seek, as a result of this exposure of sensitive information?"
Mr Gan said patients can take civil action against MOH on breach of data or loss of data.
But he added that MOH would "encourage them to talk to us and we will discuss with them what are the ways to help them and to support them in whichever way we can".
HIV data leak: MOH aware only in 2016 that Mikhy Farrera Brochez had access to data, says Gan Kim Yong
It had no basis to suspect he was in possession of HIV Registry data in 2012 or 2013
By Fabian Koh, The Straits Times, 13 Feb 2019
When he first informed the authorities in 2012 that his partner had disclosed information about his HIV status to others and shared screenshots of this, Mikhy Farrera Brochez, the American at the centre of the leak of Singapore's HIV Registry, was uncooperative and did not provide any evidence.
And that is why investigations did not make much headway, Health Minister Gan Kim Yong told Parliament yesterday when several MPs raised questions on whether the Ministry of Health (MOH) had known about Brochez's possible access to information from the HIV Registry as early as 2012.
In a ministerial statement setting out the chronology of events, Mr Gan said the issue in 2012 was not about Brochez's access to the registry, but whether his partner Ler Teck Siang, a doctor who headed the National Public Health Unit, had revealed the American's HIV status to other people. Brochez was then living with Ler .
In November 2012, Brochez alleged to MOH that Ler had disclosed information about Brochez's HIV status to others. "He later also claimed that Ler had shared screenshots of his HIV status with others," said Mr Gan.
"Despite multiple attempts by MOH to engage him, Brochez did not provide any evidence to support his allegation. He was uncooperative and evasive, and rejected or postponed meetings with MOH on several occasions," said Mr Gan.
"At one point, he even informed MOH officers that he was leaving Singapore and did not want to continue with the investigation into his allegation. Due to his uncooperative attitude, the investigation could not make much headway."
Nevertheless, the ministry reassigned Ler to another role in May 2013 and kept up the investigation. The doctor's access to the live HIV Registry was terminated after his reassignment, he said.
In the course of its investigation, MOH discovered in December 2013 that Brochez may have submitted fake HIV blood tests to the Ministry of Manpower (MOM) in order to retain his Employment Pass. MOH informed MOM and also made a police report. Ler resigned the following month.
Mr Gan said: "MOH's investigations in 2012 and 2013 were on Brochez's allegation that Ler had revealed Brochez's HIV status to others. At no point in 2012 or 2013 did MOH have basis to suspect that Brochez had access to, or was in possession of, the data in the HIV Registry."
Between 2014 and 2016, the police and MOH investigated whether Brochez had indeed faked his blood tests, and whether Ler had abetted him and provided false information to investigators. Mr Gan said the investigations were difficult as Brochez refused to provide a statement, until May 2014, when he was stopped while trying to leave Singapore. He lied that it was his blood that was used in a HIV test in November 2013.
MOH ordered him to undergo a fresh blood test for HIV to verify the claim, but Brochez refused. In late April 2016, he was arrested for refusing to comply with the orders to take a blood test.
He then provided the police and the government authorities with 75 names and particulars from the HIV Registry. Following this, MOH made a police report on May 16, 2016.
"This was the first time MOH had evidence that Brochez may have access to confidential HIV-related data," said Mr Gan.
The police raided Ler's and Brochez's premises simultaneously and "seized and secured all relevant materials".
"These included their computers and electronic storage devices containing files with confidential information from the HIV Registry, files related to hospital services and to other infectious diseases, as well as other information likely used by Ler for his work such as e-mails, HIV studies and reports," said Mr Gan.
The police searched through Brochez's e-mail account and found that he had sent the same screenshot that he had sent to the government authorities, as well as a PDF file of a further 46 records from the HIV Registry, to his mother.
The police contacted Brochez's mother, who agreed to let the police access her e-mail account and delete those records.
Mr Gan said: "At this point, the police had seized everything they found in Ler's and Brochez's possession, and had done their best to ensure that no further confidential information remained with Ler and Brochez, including in their known online accounts."
He added: "It was always recognised that there was a risk that Brochez could have hidden away some more information. Unfortunately, as recent events showed, Brochez did manage to retain at least some data which he has recently disclosed, and we cannot rule out the possibility that he has more."
Ler and Brochez were both charged in court in June 2016. Ler was charged under the Penal Code and Official Secrets Act. Brochez was charged with offences under the Misuse of Drugs Act, Penal Code and Infectious Diseases Act.
HIV data leak: Why Brochez was not charged under Official Secrets Act in 2016
By Fabian Koh, The Straits Times, 13 Feb 2019
Mikhy Farrera Brochez, the American who allegedly leaked information from Singapore's HIV Registry, was not charged under the Official Secrets Act (OSA) back in 2016 as he was already facing other charges that carried heavier penalties, Health Minister Gan Kim Yong said yesterday.
Brochez first alerted the authorities in April 2016 that he might have access to confidential HIV-related data when he sent 75 names and particulars from the registry to the authorities.
But he was not charged under the OSA, and instead faced charges for offences under the Misuse of Drugs Act, Penal Code and Infectious Diseases Act in June 2016.
Explaining the circumstances, Mr Gan told the House that the Attorney-General's Chambers (AGC) decided not to charge Brochez under the OSA after assessing that he would likely be sentenced to only a fine, or at most a few weeks in jail.
This was because there had been no wide dissemination of the information then, and Brochez had primarily used the information to complain to government agencies.
"He was already facing numerous fraud and drug-related charges, which carried far heavier penalties.
"AGC also assessed that any jail term under the OSA was likely to be concurrent with jail terms that he would serve under the other offences," said Mr Gan, revealing that Brochez was issued with a stern warning for the OSA offence.
Meanwhile, Brochez's partner Ler Teck Siang, who was formerly head of the National Public Health Unit (NPHU), was charged under the Penal Code and the OSA. His charge sheet stated that he had access to the HIV Registry as part of his former position as NPHU head, and had failed to take reasonable care of the information by failing to retain possession of a thumb drive on which he had saved the HIV Registry.
In September last year, Ler was convicted for abetting Brochez to commit cheating and providing false information to the police and Ministry of Health, and sentenced to two years in jail. He has appealed against this, with the hearing set for next month.
On two occasions in 2008 and 2013, Brochez, who is HIV-positive, conspired with Ler to submit fake blood tests to the Ministry of Manpower for his Employment Pass applications.
"AGC decided to go to trial against Ler on the cheating and false information charges first, as they were more serious and carried stiffer penalties," said Mr Gan.
The trial for Ler's drug charges will be held in May, as it also involves stiffer penalties, including caning. His OSA charge is currently stood down, which means it has been put aside until the proceedings on his other charges have been concluded.
"So that there is no doubt, let me say again that the OSA charge against Ler is still 'live'. AGC will decide on the OSA charge after proceedings on his other charges have concluded. This is the usual course," said Mr Gan.
By Fabian Koh, The Straits Times, 13 Feb 2019
Mikhy Farrera Brochez, the American who allegedly leaked information from Singapore's HIV Registry, was not charged under the Official Secrets Act (OSA) back in 2016 as he was already facing other charges that carried heavier penalties, Health Minister Gan Kim Yong said yesterday.
Brochez first alerted the authorities in April 2016 that he might have access to confidential HIV-related data when he sent 75 names and particulars from the registry to the authorities.
But he was not charged under the OSA, and instead faced charges for offences under the Misuse of Drugs Act, Penal Code and Infectious Diseases Act in June 2016.
Explaining the circumstances, Mr Gan told the House that the Attorney-General's Chambers (AGC) decided not to charge Brochez under the OSA after assessing that he would likely be sentenced to only a fine, or at most a few weeks in jail.
This was because there had been no wide dissemination of the information then, and Brochez had primarily used the information to complain to government agencies.
"He was already facing numerous fraud and drug-related charges, which carried far heavier penalties.
"AGC also assessed that any jail term under the OSA was likely to be concurrent with jail terms that he would serve under the other offences," said Mr Gan, revealing that Brochez was issued with a stern warning for the OSA offence.
Meanwhile, Brochez's partner Ler Teck Siang, who was formerly head of the National Public Health Unit (NPHU), was charged under the Penal Code and the OSA. His charge sheet stated that he had access to the HIV Registry as part of his former position as NPHU head, and had failed to take reasonable care of the information by failing to retain possession of a thumb drive on which he had saved the HIV Registry.
In September last year, Ler was convicted for abetting Brochez to commit cheating and providing false information to the police and Ministry of Health, and sentenced to two years in jail. He has appealed against this, with the hearing set for next month.
On two occasions in 2008 and 2013, Brochez, who is HIV-positive, conspired with Ler to submit fake blood tests to the Ministry of Manpower for his Employment Pass applications.
"AGC decided to go to trial against Ler on the cheating and false information charges first, as they were more serious and carried stiffer penalties," said Mr Gan.
The trial for Ler's drug charges will be held in May, as it also involves stiffer penalties, including caning. His OSA charge is currently stood down, which means it has been put aside until the proceedings on his other charges have been concluded.
"So that there is no doubt, let me say again that the OSA charge against Ler is still 'live'. AGC will decide on the OSA charge after proceedings on his other charges have concluded. This is the usual course," said Mr Gan.
Parliament: 2,400 Singaporeans affected by HIV data leak contacted by MOH
Ministry providing support and will continue to work with groups to reduce HIV stigma, says Gan
By Rei Kurohi, The Straits Times, 13 Feb 2019
The Ministry of Health (MOH) has reached out to 2,400 of the 3,500 Singaporeans affected by the HIV Registry data leak who are diagnosed with HIV and are still alive, Health Minister Gan Kim Yong told Parliament yesterday.
But it was not able to reach everyone on the HIV Registry, which dates back to 1985, as many had dated contact information, he said.
Ministry providing support and will continue to work with groups to reduce HIV stigma, says Gan
By Rei Kurohi, The Straits Times, 13 Feb 2019
The Ministry of Health (MOH) has reached out to 2,400 of the 3,500 Singaporeans affected by the HIV Registry data leak who are diagnosed with HIV and are still alive, Health Minister Gan Kim Yong told Parliament yesterday.
But it was not able to reach everyone on the HIV Registry, which dates back to 1985, as many had dated contact information, he said.
Some were foreigners who had applied for work passes but never worked in Singapore. Others had previously worked in Singapore but are no longer here.
Of the 14,200 people whose personal information was leaked by American Mikhy Farrera Brochez on Jan 22, 8,800 were foreigners and the remaining 5,400 Singaporeans and permanent residents. Of the Singaporeans, 3,500 are alive.
Mr Gan said MOH's medical social workers identified the patients likely to require more support so that designated officers could exercise extra care when calling them. Counsellors were also on standby to speak to those in distress or who required more advice and support.
He noted that some affected individuals may prefer to discuss their concerns with those they are more familiar with, such as the medical social workers, nurses and doctors who have been supporting their ongoing care and treatment.
"We have arranged with the relevant public hospitals to have medical social workers and doctors on site to attend to them," said Mr Gan.
"Understandably, despite these efforts, some will continue to be concerned. Some may decline to return to care because of the fear of future disclosure. Some felt we should have just informed the affected individuals. A few wished they had not been called at all."
Mr Gan said medical social workers were themselves distressed by the news they had to break, and felt the anguish that the patients experienced when they were told.
He added that they had to conduct the calls carefully and gently, and be alert to signs of distress so that they could help the patients appropriately. The medical social workers have, at times, become the target of anger and blame, but still would do their best to support the affected persons, said Mr Gan.
"These reactions are not unexpected. They were the reasons we made a judgment call in 2016 not to make a public announcement, and in 2018 to inform only the affected patients," he added.
Several MPs asked how MOH will help to destigmatise HIV following the leak. Nominated MP Walter Theseira suggested changes to immigration and employment restrictions on foreigners with HIV.
Mr Gan said such policies are reviewed regularly, taking into account international practices and the concerns of Singaporeans. Some adjustments, like lifting the restriction on people living with HIV coming here for short-term stays, have been made over the years.
But he said the Government must be very cautious in approaching the issue as HIV remains "a very serious infectious disease". Restrictions on long-term stays remain in place.
Mr Gan said HIV testing and counselling services are more widely available, with 10 sites across the island offering anonymous testing.
He also said that MOH will continue to work with groups like Action for Aids to step up public education, stigma reduction, treatment and counselling, but that destigmatisation efforts have to cut across society.
"How each of us as individuals relates to persons with HIV also matters a lot," said Mr Gan.
"Here, I would like to appeal to Singaporeans to stand in support of these affected individuals and our efforts to fight the stigma against persons living with HIV."
Data leak: HIV Registry security safeguards in line with government policy then
By Fabian Koh, The Straits Times, 13 Feb 2019
Before 2012, staff of the National Public Health Unit (NPHU) were allowed to use personal thumb drives to download the HIV Registry to carry out their work such as routine data entry, contact tracing and analysis.
This was because the registry was placed then in a secured network drive, which meant the file could be accessed and downloaded only from government-issued computers, and was password protected.
This was revealed by Health Minister Gan Kim Yong in Parliament when answering questions from MPs regarding the purpose and safeguards of the HIV Registry.
As the NPHU head then, Singaporean doctor Ler Teck Siang had the authority to access information in the HIV Registry as required for his work. He is believed to have downloaded confidential information from the HIV Registry onto a thumb drive, and then failed to retain possession of it.
Ler has since been charged under the Official Secrets Act (OSA) for mishandling the information.
On Jan 22, his American partner - Mikhy Farrera Brochez - posted online the information from the entire HIV Registry, prompting the Ministry of Health (MOH) to disclose the data breach and triggering concerns about the level of data security and safeguards on staff access to confidential information.
In Parliament yesterday, Mr Gan said the security safeguards for the HIV Registry in 2012 and 2013 were in accordance with prevailing government policies on classified information and IT security at that time. He said staff were briefed on the policies, systems and processes, and regularly reminded of the sensitivity of the information that they should access on a need-to-know basis.
"All of them signed an undertaking to observe confidentiality obligations under the OSA," he added.
By Fabian Koh, The Straits Times, 13 Feb 2019
Before 2012, staff of the National Public Health Unit (NPHU) were allowed to use personal thumb drives to download the HIV Registry to carry out their work such as routine data entry, contact tracing and analysis.
This was because the registry was placed then in a secured network drive, which meant the file could be accessed and downloaded only from government-issued computers, and was password protected.
This was revealed by Health Minister Gan Kim Yong in Parliament when answering questions from MPs regarding the purpose and safeguards of the HIV Registry.
As the NPHU head then, Singaporean doctor Ler Teck Siang had the authority to access information in the HIV Registry as required for his work. He is believed to have downloaded confidential information from the HIV Registry onto a thumb drive, and then failed to retain possession of it.
Ler has since been charged under the Official Secrets Act (OSA) for mishandling the information.
On Jan 22, his American partner - Mikhy Farrera Brochez - posted online the information from the entire HIV Registry, prompting the Ministry of Health (MOH) to disclose the data breach and triggering concerns about the level of data security and safeguards on staff access to confidential information.
In Parliament yesterday, Mr Gan said the security safeguards for the HIV Registry in 2012 and 2013 were in accordance with prevailing government policies on classified information and IT security at that time. He said staff were briefed on the policies, systems and processes, and regularly reminded of the sensitivity of the information that they should access on a need-to-know basis.
"All of them signed an undertaking to observe confidentiality obligations under the OSA," he added.
Mr Gan said the HIV Registry database had been migrated to a network-based system in 2012 even before the complaint from Brochez in November 2012 that Ler had shared screenshots of his HIV status with others.
NPHU staff no longer had to download a database file from a network drive, password-protected and accessible only from government-issued computers. They could instead retrieve records from the network-based system, enhancing the audit trail, said Mr Gan. In 2014, alerts of multiple failed log-in attempts were added to the system.
He added that the NPHU system was further strengthened in 2016 following a data security review by MOH's chief data officer.
Downloading and decrypting HIV Registry data now requires approval from the director of the Communicable Diseases Division or higher, with a two-person approval process to ensure information cannot be accessed by a single person.
A dedicated workstation for handling data from the HIV Registry was also set aside and locked down to prevent unauthorised data removal.
In 2017, the unit complied with government-wide policy to disable the use of unauthorised portable storage devices on official computers, and allow only the use of authorised and encrypted thumb drives, said Mr Gan.
Moving forward, he said a data analytics group had been set up in April last year to focus on data usage and safeguards. Within the group is a six-person Data Governance Division which formulates policies, practices and guidelines for MOH and its agencies.
NPHU staff no longer had to download a database file from a network drive, password-protected and accessible only from government-issued computers. They could instead retrieve records from the network-based system, enhancing the audit trail, said Mr Gan. In 2014, alerts of multiple failed log-in attempts were added to the system.
He added that the NPHU system was further strengthened in 2016 following a data security review by MOH's chief data officer.
Downloading and decrypting HIV Registry data now requires approval from the director of the Communicable Diseases Division or higher, with a two-person approval process to ensure information cannot be accessed by a single person.
A dedicated workstation for handling data from the HIV Registry was also set aside and locked down to prevent unauthorised data removal.
In 2017, the unit complied with government-wide policy to disable the use of unauthorised portable storage devices on official computers, and allow only the use of authorised and encrypted thumb drives, said Mr Gan.
Moving forward, he said a data analytics group had been set up in April last year to focus on data usage and safeguards. Within the group is a six-person Data Governance Division which formulates policies, practices and guidelines for MOH and its agencies.
Mr Gan said MOH will "expand the role and resourcing of this unit", and task it with a specific mandate and team to look into the compliance and audit of data access and use.
He added that in the light of the HIV Registry leak, and the increased use of data across the healthcare sector, having staff adhere to data security and governance policies is crucial. However, Mr Gan also said there is "no foolproof system" as the integrity of a person can only be proven over time.
He added that in the light of the HIV Registry leak, and the increased use of data across the healthcare sector, having staff adhere to data security and governance policies is crucial. However, Mr Gan also said there is "no foolproof system" as the integrity of a person can only be proven over time.
** Singapore rebuts claims by American Mikhy Farrera Brochez in HIV data leak
Police, prisons deny allegations by American Mikhy Farrera Brochez at centre of HIV data leak
By Fabian Koh and Rei Kurohi, The Straits Times, 14 Feb 2019
The Government has denied allegations made by Mikhy Farrera Brochez, the American at the centre of the HIV Registry data leak.
In several Facebook posts yesterday morning, Brochez claimed, among other things, that he was abused while in police custody; that he was sexually assaulted while in prison and contracted HIV only then; that he was denied HIV medication while in jail; and that the registry was leaked by another person.
His posts came after Health Minister Gan Kim Yong gave a ministerial statement in Parliament on Tuesday explaining how the registry had fallen into Brochez's hands, the events leading up to Brochez leaking the information online, and the steps the authorities have since taken to manage the leak.
The Ministry of Health (MOH) revealed the data breach on Jan 28, six days after discovering that Brochez had leaked online the details of 14,200 people diagnosed with HIV here since 1985. Brochez had been deported last year after serving a jail term for other offences and is in the United States.
An MOH statement yesterday said Brochez "continues to make allegations which are either false or unsubstantiated". It said the matter had been thoroughly investigated by both the ministry and the police. "Brochez was convicted in court of fraud and various drug offences. Should new evidence emerge, we will investigate accordingly."
MOH added that it had previously indicated Brochez may be in possession of further information that he could reveal in the future. "He has now threatened to do so, and MOH will work with the police to take appropriate actions," it said, referring to Brochez's Facebook posts.
In a joint statement, the Singapore Police Force and Singapore Prison Service responded to some of Brochez's other allegations.
On the claim that the HIV Registry was leaked by one Zachary Levine, the statement said the police investigated Mr Levine in 2016 following similar allegations by Brochez.
It read: "Police investigation, which included an interview and examination of Levine's electronic devices seized from his residence, did not reveal any evidence to suggest that (he) was in possession of any MOH-related files, or had shared any HIV Registry data."
It added that before 2016, Brochez claimed in correspondence with MOH that his partner Ler Teck Siang and Mr Levine had shared screenshots of Brochez's own record in the HIV Registry, "but Brochez was never able to produce verifiable evidence to support this claim".
Ler, 37, a Singaporean doctor who was Brochez's live-in partner, is facing a charge under the Official Secrets Act for failing to properly handle information from the HIV Registry that he had access to as head of the National Public Health Unit up to May 2013.
Brochez also claimed he had been abused in police custody and that he had been sexually assaulted in prison and contracted HIV there.
The statement said these claims had been investigated and found to be untrue by the police's Internal Affairs Office and the Criminal Investigation Department. It added that Brochez had "committed a litany of institutional offences, including assaulting a fellow inmate" in prison.
The authorities said that when Brochez was admitted into prison in June 2016, he declared he had been HIV positive since 2008.
They said it was untrue he was denied HIV medication to manage his condition while in jail, adding that it is "a matter of record" that Brochez had contracted HIV years before he went to jail here in 2016.
"He, however, refused to submit himself for the necessary blood tests for the purposes of ascertaining his medical condition and of treatment," the statement said.
Given his refusal, the prison eventually checked with MOH and subsequently provided him with the necessary medication.
The statement said the Attorney-General's Chambers did not interfere with his medical treatment and had no authority to do so. "Brochez had been tried and found guilty by the Singapore courts. He was accorded due legal process," it said. "He has now made baseless allegations about the investigations as well as against the police and prisons. His actions have shown him to be a pathological liar. Nevertheless, we welcome him to come back to Singapore to assist with police investigations."
Dr Leong Hoe Nam, an infectious disease specialist who treated Brochez in prison, also denied allegations he had given the American a list of HIV-positive prisoners or told him that he did not have HIV.
Dr Leong said he never had such a list and it would have been impossible to give Brochez any kind of written material, given the tight security. "I strongly object to what Mikhy has alleged. Both the prison service and myself discharged our duties fully and with no bias or stigma," Dr Leong said. "Medical confidentiality and patient care were always at the top of our minds. These accusations go against the very fabric of our values."
Police, prisons deny allegations by American Mikhy Farrera Brochez at centre of HIV data leak
By Fabian Koh and Rei Kurohi, The Straits Times, 14 Feb 2019
The Government has denied allegations made by Mikhy Farrera Brochez, the American at the centre of the HIV Registry data leak.
In several Facebook posts yesterday morning, Brochez claimed, among other things, that he was abused while in police custody; that he was sexually assaulted while in prison and contracted HIV only then; that he was denied HIV medication while in jail; and that the registry was leaked by another person.
His posts came after Health Minister Gan Kim Yong gave a ministerial statement in Parliament on Tuesday explaining how the registry had fallen into Brochez's hands, the events leading up to Brochez leaking the information online, and the steps the authorities have since taken to manage the leak.
The Ministry of Health (MOH) revealed the data breach on Jan 28, six days after discovering that Brochez had leaked online the details of 14,200 people diagnosed with HIV here since 1985. Brochez had been deported last year after serving a jail term for other offences and is in the United States.
An MOH statement yesterday said Brochez "continues to make allegations which are either false or unsubstantiated". It said the matter had been thoroughly investigated by both the ministry and the police. "Brochez was convicted in court of fraud and various drug offences. Should new evidence emerge, we will investigate accordingly."
MOH added that it had previously indicated Brochez may be in possession of further information that he could reveal in the future. "He has now threatened to do so, and MOH will work with the police to take appropriate actions," it said, referring to Brochez's Facebook posts.
In a joint statement, the Singapore Police Force and Singapore Prison Service responded to some of Brochez's other allegations.
On the claim that the HIV Registry was leaked by one Zachary Levine, the statement said the police investigated Mr Levine in 2016 following similar allegations by Brochez.
It read: "Police investigation, which included an interview and examination of Levine's electronic devices seized from his residence, did not reveal any evidence to suggest that (he) was in possession of any MOH-related files, or had shared any HIV Registry data."
It added that before 2016, Brochez claimed in correspondence with MOH that his partner Ler Teck Siang and Mr Levine had shared screenshots of Brochez's own record in the HIV Registry, "but Brochez was never able to produce verifiable evidence to support this claim".
Ler, 37, a Singaporean doctor who was Brochez's live-in partner, is facing a charge under the Official Secrets Act for failing to properly handle information from the HIV Registry that he had access to as head of the National Public Health Unit up to May 2013.
Brochez also claimed he had been abused in police custody and that he had been sexually assaulted in prison and contracted HIV there.
The statement said these claims had been investigated and found to be untrue by the police's Internal Affairs Office and the Criminal Investigation Department. It added that Brochez had "committed a litany of institutional offences, including assaulting a fellow inmate" in prison.
The authorities said that when Brochez was admitted into prison in June 2016, he declared he had been HIV positive since 2008.
They said it was untrue he was denied HIV medication to manage his condition while in jail, adding that it is "a matter of record" that Brochez had contracted HIV years before he went to jail here in 2016.
"He, however, refused to submit himself for the necessary blood tests for the purposes of ascertaining his medical condition and of treatment," the statement said.
Given his refusal, the prison eventually checked with MOH and subsequently provided him with the necessary medication.
The statement said the Attorney-General's Chambers did not interfere with his medical treatment and had no authority to do so. "Brochez had been tried and found guilty by the Singapore courts. He was accorded due legal process," it said. "He has now made baseless allegations about the investigations as well as against the police and prisons. His actions have shown him to be a pathological liar. Nevertheless, we welcome him to come back to Singapore to assist with police investigations."
Dr Leong Hoe Nam, an infectious disease specialist who treated Brochez in prison, also denied allegations he had given the American a list of HIV-positive prisoners or told him that he did not have HIV.
Dr Leong said he never had such a list and it would have been impossible to give Brochez any kind of written material, given the tight security. "I strongly object to what Mikhy has alleged. Both the prison service and myself discharged our duties fully and with no bias or stigma," Dr Leong said. "Medical confidentiality and patient care were always at the top of our minds. These accusations go against the very fabric of our values."
HIV data leak: Brochez's account of events convoluted, nearly impossible to verify, says US news outlet
The Straits Times, 14 Feb 2019
Besides his Facebook posts, American Mikhy Farrera Brochez also gave an interview to a US news outlet on his run-ins with the law in Singapore and his role in the HIV Registry data leak.
US-based news website Vice News reported yesterday that, according to e-mails viewed by its reporters, Brochez e-mailed Google Drive links for what he said was the HIV Registry to an e-mail address associated with the Supreme Court in Singapore.
It also reported that several members of the Singapore government, the Attorney-General's Chambers, an official with the US State Department and a senior editor at CNN's Hong Kong bureau were also copied in that e-mail.
Vice News said that Brochez also offered to show it the HIV Registry multiple times. But it declined to view the registry data given that it contained private medical information.
Vice reported that in September last year, Brochez sent a separate e-mail containing a similar link to the editor-in-chief of The Straits Times (ST).
ST editor Warren Fernandez confirmed last night that he did receive e-mails from Brochez last year. These were sent in May and June, and not September, as reported by Vice News.
The Straits Times, 14 Feb 2019
Besides his Facebook posts, American Mikhy Farrera Brochez also gave an interview to a US news outlet on his run-ins with the law in Singapore and his role in the HIV Registry data leak.
US-based news website Vice News reported yesterday that, according to e-mails viewed by its reporters, Brochez e-mailed Google Drive links for what he said was the HIV Registry to an e-mail address associated with the Supreme Court in Singapore.
It also reported that several members of the Singapore government, the Attorney-General's Chambers, an official with the US State Department and a senior editor at CNN's Hong Kong bureau were also copied in that e-mail.
Vice News said that Brochez also offered to show it the HIV Registry multiple times. But it declined to view the registry data given that it contained private medical information.
Vice reported that in September last year, Brochez sent a separate e-mail containing a similar link to the editor-in-chief of The Straits Times (ST).
ST editor Warren Fernandez confirmed last night that he did receive e-mails from Brochez last year. These were sent in May and June, and not September, as reported by Vice News.
As is its usual practice in following up on such leads, the newsroom looked into them, but it could not corroborate the allegations made by him.
The Vice report yesterday also described Brochez's accounts of events as "convoluted and nearly impossible to verify in full, particularly since the details often shift in the retelling".
The Vice report yesterday also described Brochez's accounts of events as "convoluted and nearly impossible to verify in full, particularly since the details often shift in the retelling".
*** HIV data leak: Facebook removes Brochez's accounts, citing policy violations
By Hariz Baharudin, The Straits Times, 15 Feb 2019
Facebook has removed the accounts of Mikhy Farrera Brochez, the American at the centre of the HIV Registry data leak, The Straits Times has learnt.
ST understands that Facebook removed his accounts due to policy violations and that the move was not related to a government request.
His accounts went against the social media giant's privacy policy on sharing other people's medical information and its bullying policy, which disallows claims of sexual activity with named private individuals.
In response to ST's queries, a Facebook spokesman said yesterday: "We want everyone using Facebook to feel safe. That is why we have Community Standards which outline what stays up and what comes down.
"Under these policies, we remove content or accounts that share medical information on others, and any content that poses a credible threat of harm to others. The consequences for breaching our Community Standards vary, depending on the severity of the breach."
Brochez had at least two Facebook accounts that have since been deleted.
The Ministry of Health (MOH) revealed on Jan 28 that Brochez got hold of the details of 14,200 people diagnosed with HIV here since 1985, and leaked the data.
Health Minister Gan Kim Yong gave a ministerial statement in Parliament on Tuesday, explaining how the data had fallen into Brochez's hands, the events leading up to Brochez leaking the information online, and the steps the authorities have since taken to plug the leak.
On Wednesday morning, Brochez had made several posts where he claimed, among other things, that he was abused while in police custody; that he was sexually assaulted while in prison and contracted HIV only then; that he was denied HIV medication while in jail; and that the HIV Registry was leaked by another person.
Later on Wednesday, the Government denied the allegations.
An MOH statement said the matter had been thoroughly investigated by both the ministry and the police, but Brochez "continues to make allegations which are either false or unsubstantiated".
A joint statement from the Singapore Police Force and the Singapore Prison Service said Brochez had been tried and found guilty by the Singapore courts and was accorded due legal process.
"He has now made baseless allegations about the investigations as well as against the police and prisons. His actions have shown him to be a pathological liar," the statement said. "Nevertheless, we welcome him to come back to Singapore to assist with police investigations."
In November last year, Facebook said it does not have a policy that prohibits alleged fake news, following calls to remove a post that contained an article that had made allegations against Prime Minister Lee Hsien Loong and the Government in relation to the 1Malaysia Development Berhad scandal.
The social media giant refused to take down the post by sociopolitical website States Times Review, which had a link to the article on its website.
In response to queries from ST then on why it had not acceded to the request, a Facebook spokesman said it had a responsibility to handle any government request to restrict alleged misinformation "carefully and thoughtfully", and that this was consistent with its approach to government requests elsewhere.
The spokesman added then that Facebook does not have a policy that prohibits alleged falsehoods, "apart from in situations where this content has the potential to contribute to imminent violence or physical harm".
By Hariz Baharudin, The Straits Times, 15 Feb 2019
ST understands that Facebook removed his accounts due to policy violations and that the move was not related to a government request.
His accounts went against the social media giant's privacy policy on sharing other people's medical information and its bullying policy, which disallows claims of sexual activity with named private individuals.
In response to ST's queries, a Facebook spokesman said yesterday: "We want everyone using Facebook to feel safe. That is why we have Community Standards which outline what stays up and what comes down.
"Under these policies, we remove content or accounts that share medical information on others, and any content that poses a credible threat of harm to others. The consequences for breaching our Community Standards vary, depending on the severity of the breach."
Brochez had at least two Facebook accounts that have since been deleted.
The Ministry of Health (MOH) revealed on Jan 28 that Brochez got hold of the details of 14,200 people diagnosed with HIV here since 1985, and leaked the data.
Health Minister Gan Kim Yong gave a ministerial statement in Parliament on Tuesday, explaining how the data had fallen into Brochez's hands, the events leading up to Brochez leaking the information online, and the steps the authorities have since taken to plug the leak.
On Wednesday morning, Brochez had made several posts where he claimed, among other things, that he was abused while in police custody; that he was sexually assaulted while in prison and contracted HIV only then; that he was denied HIV medication while in jail; and that the HIV Registry was leaked by another person.
Later on Wednesday, the Government denied the allegations.
An MOH statement said the matter had been thoroughly investigated by both the ministry and the police, but Brochez "continues to make allegations which are either false or unsubstantiated".
A joint statement from the Singapore Police Force and the Singapore Prison Service said Brochez had been tried and found guilty by the Singapore courts and was accorded due legal process.
"He has now made baseless allegations about the investigations as well as against the police and prisons. His actions have shown him to be a pathological liar," the statement said. "Nevertheless, we welcome him to come back to Singapore to assist with police investigations."
In November last year, Facebook said it does not have a policy that prohibits alleged fake news, following calls to remove a post that contained an article that had made allegations against Prime Minister Lee Hsien Loong and the Government in relation to the 1Malaysia Development Berhad scandal.
The social media giant refused to take down the post by sociopolitical website States Times Review, which had a link to the article on its website.
In response to queries from ST then on why it had not acceded to the request, a Facebook spokesman said it had a responsibility to handle any government request to restrict alleged misinformation "carefully and thoughtfully", and that this was consistent with its approach to government requests elsewhere.
The spokesman added then that Facebook does not have a policy that prohibits alleged falsehoods, "apart from in situations where this content has the potential to contribute to imminent violence or physical harm".
Related
MOH: UNAUTHORISED POSSESSION AND DISCLOSURE OF INFORMATION FROM HIV REGISTRY -28 Jan 2019
STATEMENT BY MINISTER (HEALTH) MR GAN KIM YONG ON THE UNAUTHORISED POSSESSION AND DISCLOSURE OF INFORMATION FROM HIV REGISTRY -12 Feb 2019
MOH STATEMENT ON FURTHER ALLEGATIONS MADE BY MIKHY BROCHEZ -13 Feb 2019
Joint SPF-SPS Statement in Response to allegations made in Mikhy Brochez’s Facebook Post -13 Feb 2019
MOH: UNAUTHORISED POSSESSION AND DISCLOSURE OF INFORMATION FROM HIV REGISTRY -28 Jan 2019
STATEMENT BY MINISTER (HEALTH) MR GAN KIM YONG ON THE UNAUTHORISED POSSESSION AND DISCLOSURE OF INFORMATION FROM HIV REGISTRY -12 Feb 2019
MOH STATEMENT ON FURTHER ALLEGATIONS MADE BY MIKHY BROCHEZ -13 Feb 2019
Joint SPF-SPS Statement in Response to allegations made in Mikhy Brochez’s Facebook Post -13 Feb 2019
No comments:
Post a Comment