According to the ministry, the records belonged to 5,400 Singaporeans diagnosed from 1985 to January 2013 and 8,800 foreigners who were diagnosed from 1985 until December 2001. Additionally, the trove of data included the information on 2,400 persons who had contact with the patients, identified through contact tracing, up to May 2007.
Permanent Secretary of Heath Chan Heng Kee told reporters at a media briefing on Monday that of the 5,400 Singaporeans whose information had been leaked, 1,900 of them had already died, Channel News Asia reported.
The records contained individuals' names, identification numbers, phone numbers, addresses, test results and a slew of other health information. Although access to the confidential information has been disabled, it is still in Brochez's possession and could be publicly disclosed again in the future.
"We are sorry for the anxiety and distress caused by this incident. Our priority is the wellbeing of the affected individuals," a release from the Ministry of Health (MOH) reads. "We are working with relevant parties to scan the internet for signs of further disclosure of the information."
Officials have been working since Saturday to inform affected individuals of the mishap. Local media reports suggest that 900 affected persons have been contacted so far.
Brochez, who lived in Singapore between January 2008 and June 2016, obtained the documents from Ler Teck Siang, his Singaporean partner who worked as the head of MOH's National Public Health Unit from March 2012 to May 2013.
"Ler had authority to access information in the HIV Registry as required for his work," the release explains, noting that the physician was charged in June 2016 and convicted in September 2018 for helping Brochez cheat and provide false information to the police and Health Ministry. Ler was sentenced to 24 months in jail, but has since filed an appeal, which is expected to be heard in March.
Brochez was deported from Singapore in May 2018 after he served a 28-month prison sentence for "numerous fraud and drug-related offences," which stemmed from him lying about his HIV-positive status to the Ministry of Manpower in order to maintain his employment visa.
While the MOH statement doesn't give an exact motive for the leak, it does state that it was the result of "mishandling of information by Ler, who is suspected of not having complied with the policies and guidelines on the handling of confidential information."
It further noted that despite the ministry's efforts to search for and seize all information that may have been taken from the HIV Registry, it wasn't until January 22, 2019, that officials were notified that Brochez still possessed documents from the registry.
Authorities have since launched an investigation into Brochez, and are seeking assistance from "foreign counterparts" to aid in their efforts. The release did not specify which officials would be joining the investigation.
The ministry noted in its statement that since 2016, it has set up additional safeguards in order to prevent any information from being mishandled in the future. New safety measures include a two-person approval process to either download or decrypt information from the HIV Registry.
This latest incident comes months after a major cyberattack on Singapore's government health database saw hackers steal the medical information of some 1.5 million people, including that of Singaporean Prime Minister Lee Hsien Loong. At the time, government officials called it the "most serious breach of personal data" in the country's history, Reuters reported.
