Pubaneswary Poobalan accessed confidential patient data to settle a personal dispute
Singapore, April 8 – A 39-year-old Indian-origin former employee of Singapore's National University Hospital (NUH) has been fined SGD 3,800 after pleading guilty to misusing a hospital computer system to access a patient's confidential information without authorisation.Pubaneswary Poobalan, who served as a senior patient service associate, illegally accessed the hospital's SAP system—a digital platform used to manage patients’ personal identification, appointment details, and billing information. However, the system does not store medical histories.
According to The Straits Times, court documents revealed that Pubaneswary, a Singaporean citizen, was no longer employed at NUH at the time of the proceedings. Between June and August 2023, she had received a series of anonymous letters at her residence. These letters referenced a man referred to only as “the witness” due to a gag order.
Believing that a woman—referred to in court as “the victim”—was responsible for sending the letters, Pubaneswary suspected she had gained access to her home address through contacts in the healthcare industry.
Breach Occurred During Night Shift
On the night of October 23, 2023, while on duty at NUH, Pubaneswary used the SAP system to search for the victim’s details using her first name and date of birth. This search returned four matches, one of which pertained to the victim. She then accessed the record and video-recorded sensitive personal information, including the victim’s NRIC number, full name, date of birth, address, and contact details.Deputy Public Prosecutor Samuel Chew stated that although Pubaneswary had legitimate access to the SAP system for her role, she was not authorised to view patient records outside of her official duties.
DPP Chew added, “The accused... video-recorded her entire act, as she wanted to prove to the witness that the victim had the capability of obtaining her home address.”
Complaint Triggers Internal Probe
The breach came to light after the victim filed an online complaint on May 14, 2024. NUH promptly launched an internal investigation, during which Pubaneswary admitted to the unauthorised access.In response, NUH filed a police report and informed the Ministry of Health. A hospital spokesperson said, “We have taken immediate steps to request that the involved parties delete the relevant data in their possession. We deeply regret this incident.”
Reaffirming their commitment to patient confidentiality, the spokesperson added, “Protecting and upholding the confidentiality of patient information is paramount to us, and we do not tolerate the violation of this trust. We will continue to take proactive measures to safeguard patient data and educate staff on the importance of data protection.”
Last updated by a enewsx:
