THE Opposition People’s National Party (PNP) has reiterated its call for the fast-tracking of a Cybersecurity Act following indications of a data breach at the National Health Fund (NHF) by Minister of Health Dr Christopher Tufton.

Addressing a post-Cabinet media briefing at Jamaica House on Wednesday Tufton put the nation on guard that personal information of some NHF clients may have been compromised.

Tufton noted that information has been circulating online about a breach of the database at the NHF and confirmed that there was a threat from a hacker group which claimed that it gained access to some data.

But Tufton pointed out that there has been no evidence to definitively say that data was accessed by the hackers.

“It is not yet confirmed even though they have indicated some of the data they say they have. Enough evidence was gathered to require the agency to report the incident to the Office of Information Commissioner,” Tufton explained.

He said the leadership of the NHF has also reported the matter to the Major Organised Crime and Anti-Corruption Agency (MOCA).

“The team has reached out to MOCA to update them on the situation and will engage with the relevant agencies…for support with the investigation. Just top assure the public that immediate steps have been taken to reinforce security protocols and hardening of the organisation’s security posture is ongoing. This data is about medication or maybe who benefits from. It is confidential data. We don’t reveal our history of medication administration,” said Tufton.

BROWN…the risks are immediate; our legislative response must reflect that reality.

In an immediate response Opposition spokesperson on science, technology, data and digital transformation Christopher Brown said the cyber incident involving the NHF underscores the urgent need for comprehensive cybersecurity legislation.

“The Government must fast-track and table a Cybersecurity Act this calendar year, rather than delay until 2027,” said Brown.

“Just last week, in Parliament, I warned that Jamaica urgently requires a Cybersecurity Act to establish minimum security standards, accountability frameworks, and enforcement mechanisms across Government. The NHF incident underscores precisely why that legislation can no longer be delayed,” added Brown.

He pointed out that Government figures indicate that cyber incidents and attempted attacks have risen from approximately 12 million in 2022 to 49 million in 2025, “reflecting a rapidly escalating threat environment targeting both public institutions and citizens’ personal data. Yet Jamaica still lacks a dedicated legislative framework requiring public bodies to meet baseline cybersecurity standards before an incident occurs”.

Brown argued that while the Government has suggested a timeline extending to 2027 for cybersecurity legislation, recent events make clear that this pace is wholly insufficient.

“The risks are immediate; our legislative response must reflect that reality. I therefore renew my call for the Government to fast-track the drafting and tabling of a Cybersecurity Act without further delay. Every day without that framework is a day Jamaica’s citizens, institutions, and digital future remain unnecessarily exposed. The Government must act and it must act now,” declared Brown.