The National University Hospital in Singapore recently faced a security breach when a former employee illegally accessed sensitive patient information. The incident came to light when a complainant reported the inappropriate access of their records by Pubaneswary Poobalan, a former senior patient service associate at NUH. Poobalan was found to have accessed the hospital’s business process platform to view the complainant’s records through a video recording.
Although Poobalan had authorization to access the platform for managing patient appointments and billings, she exceeded her scope by retrieving patient information. As a result, she was charged under the Computer Misuse Act 1993, which prohibits unauthorized access and misuse of computer systems. Poobalan pleaded guilty to the charge and was fined SG$3,800 ($2,800) by the court.
NUH expressed deep regret over the incident and emphasized the importance of protecting patient information and upholding confidentiality. The hospital instructed the involved individuals to delete any relevant data, including the video recording, and affirmed its commitment to enhancing data protection measures and educating staff on the significance of safeguarding patient data.
In a broader context, the Singaporean government has been actively addressing cybersecurity and privacy concerns in healthcare settings. Initiatives such as the Healthcare Cybersecurity Essentials guidelines and the voluntary scheme introduced by the Cyber Security Agency of Singapore for medical device manufacturers aim to enhance security measures and promote best practices in securing IT systems. Additionally, the proposed Health Information Bill seeks to establish cyber and data security requirements, including staff training and regular backups and updates.
As healthcare organizations continue to combat cybersecurity threats, it is imperative for them to remain vigilant, implement robust security measures, and collaborate with authorities to prevent unauthorized access and protect patient information effectively.
