6 June 2024

In a recent cyber attack on medical facilities in Thailand, only 10,095 patients’ records were leaked, not 16 million, as the hacker claimed, and the leaked data only contains the patients’ names, the names of their doctors and appointment details, not medical details, according to the Ministry of Digital Economy and Society (DES).

Based on the investigation of Phetchabun Hospital’s system, from where information was hacked, the hospital has fixed the problem and cut internet access from outside, said DES Minister Chaiwut Thanakamanusorn in a press conference today (Wednesday).

The ministry also found that there wasn’t any damage to the system used to process patients. The hospital’s system backs up data every 30 minutes.

Meanwhile, the Director of the Bhumirajanagarindra Kidney Institute Hospital filed a police complaint today, after 40,000 of their patient records were hacked. He explained that, on Monday, the hospital could not access the patient database and found the system had been blocked, while the hacker attempted to retrieve medical histories and dialysis information, possibly remotely.

The next day, someone with a foreign accent called the hospital to negotiate, claiming that the hospital’s system had been compromised. This prompted the hospital to file a complaint with the police, which happened to be at the same time when the systems of the Public Health Ministry and other hospitals were being hacked.

The hospital director admits that the hospital developed the information database itself, which may have left a loophole for hackers.

Phayathai police said that they will seek more information, as they do not yet have a clue as to the hacker’s or hackers’ identity.