HIV leak case reminds companies data security and trust are linked

This article is more than 12 months old

HIV leak case is a reminder that data security is critical in ensuring stakeholders retain trust in organisations that cater to them

The case involving Mikhy Farrera Brochez, 34, is a timely reminder about the devastating effects a data leak can have on the public and the organisation that had been breached.

On Monday, the Ministry of Health had revealed that the personal details and HIV status of 14,200 individuals had been leaked online by Brochez.

For healthcare organisations, the repercussions of a data breach can lead to a loss of reputation and patient trust.

Healthcare providers can also be served with civil and criminal penalties.

A breach can create a sense of urgency to improve security.

Data leaks are often linked to monetary gain but they can also occur for a variety of other reasons.

Employee negligence is an unfortunate but common cause of data breaches. These occur when laptops or mobile phones full of sensitive information are left somewhere vulnerable.

If these items get stolen or the culprit happens to gain access to the system, he or she may leak sensitive data online.

The HIV leak incident shows that even some of the country's most prominent organisations are vulnerable to such incidents.

Organisations must prioritise data security if they are to maintain the trust of their employees, users, consumers, and for healthcare organisations, their patients.

The root of the matter is that we're talking about the personal health and identifiable information (PII) that someone might need to commit crimes or steal a person's identity.

The biggest challenge when it comes to data security is not only how you secure the data, it's how you secure its usage.

The need for strong security measures is evident and it is equally clear that action needs to be taken right away.


With this case, educating the healthcare organisation's top management and employees about the impact of poor security and its consequences on patient retention will help.

Education should include creating awareness about state regulations involving protecting patient information.

Whether due to indifference or ignorance of what security solutions are needed, organisations don't always adequately protect themselves.

As threats become more advanced, they must find solutions that fill their gaps.

Who people disclose their medical status to is an extremely personal decision.

The inquiry into the HIV leak is vital to ensure patients can be confident that the healthcare service will properly safeguard details of their health and treatment records.

Security cannot be an afterthought.

Breaches negatively impact the patient and the broader healthcare ecosystem.

In addition to making healthcare organisations more resilient to a data breach with security enabling technologies, patients' concerns about their personal information should also be addressed.

Transparency and communication is key, as data breach victims are often more concerned with how an organisation responds to a breach than the fact that it had occurred.

They want to be able to trust that an organisation can handle and not just prevent, a data breach.

Organisations can also leverage on available technology that allows clear audit trails of whoever is accessing the data and the ability to encrypt the data so that it cannot be saved into any device to prevent any leaks.

The road to recovery after a data breach isn't an easy one. But it's definitely one any organisation can learn from. Cybersecurity must be a core part of business strategy and culture.

The writer is chief technology officer of, the first vulnerability coordination and bug bounty platform based in Singapore.