RONALD WONG: The Ministry of Health makes the Ministry of Defence look good when it comes to public accountability – and that’s quite a statement!
A data breach concerning patients’ confidential information was leaked to a 3rd-party in 2016, and it took them over 2 years to inform the affected patients about it.
And, only because that 3rd party leaked the information online last week.
Picture this – a thief entered your home without your knowledge and took things, including your NRIC. The thief is still there. MOH knows there’s a thief there. MOH doesn’t tell you. For 2 years. After the thief has left the building with your stuff and committed a crime using your NRIC, MOH tells you and says sorry. Then you realise that MOH knew all along but kept its mouth shut.
I’m talking about the data leak of HIV patients’ personal details online – which stemmed from a data breach the Health Ministry was aware of as far back as 2016.
How’s that for public accountability?
Was MOH trying to hush up the whole issue and hope that they could catch that thief and put everything back in its original place before the public found out?
You would have thought MOH would have learnt its lesson from the Hepatitis C outbreak, which affected 25 patients and was linked to 8 deaths.
After all, an independent review committee’s damning verdict on safety lapses led to the disciplining of medical staff in Mar 2016 – just 3 months before the data breach involving HIV patients
MOH was widely condemned for – no prizes for guessing why – its failure to disclose information of the outbreak to the public:
-the first infection case was detected on April 2015.
-MOH was informed about the possibility of an outbreak in August 2015.
-only in October 2015 was the public informed of the outbreak.
Following public outcry, MOH said the delay in disclosure was not politically-motivated:
“If there are gaps, we will close them, if there are weak areas, we will correct them, and if there are shortcomings, we will improve.”
Even the staff held accountable for outbreak and the extent of their punishment were never made known (because, as Health Minister Gan said, we don’t want a “blame culture”).
MOH had the chance to prove that it could improve when the HIV-patients’ database was breached just months later, following the rogue antics of an American druggie and the laxness of his doctor-boyfriend.
It clammed up and it was business as usual.
Fast-forward to 2018 – the SingHealth data breach which saw the medical records of 1.5 million patients including the Prime Minister stolen by hackers.
Health Minister Gan Kim Yong again tried to dance around the issue of why MOH took 10 days to inform the public of the hack.
Even when he was questioned in parliament.
Now, on the top of many people’s minds is whether their medical data has been compromised.
Because, they feel they can no longer trust the Health Ministry to be upfront with them until the thief has left the building.
What a shame, and what a stain on the record of the public service.