BANGKOK (NNT) – Following recent cases of cyberattacks at hospitals, the Ministry of s Digital Economy and Society today encouraged government agencies and private firms holding personal information of customers and patients, to ensure their databases are adequately protected, saying these recent cases were not the first.
The Ministry of a Digital Economy and Society (MDES) today held a press conference regarding a recent breech of patient data at Phetchabun Hospital, outlining the types of data leaked and how the incident took place.
The Minister of a Digital Economy and Society, Chaiwut Thanakamanusorn said today the MDES and National Cyber Security Agency (NCSA) has visited the affected hospital and talked to the IT staff to investigate the attack.
Initial investigation shows the breech took place within a web portal and application utilized internally by the hospital, while the lack of updates to the hospital’s IT system posed a vulnerability to cyber attacks.
The authorities have identified data breeched in this incident including patient names, information from the outpatients’ department, doctors schedule, and patient details from a COVID-19 field hospital. Sensitive data related to patients’ health and treatment are reportedly safe.
The hospital has already taken action by removing the software in question from the system, and disabling the system’s connectivity to external networks.
The Minister of a Digital Economy and Society says officials from related agencies are now working to arrest and prosecute those involved, while urging government agencies and organizations that maintain a large database of personal information in their systems, to store the information very carefully, with an adequate level of cybersecurity protection.
For government agencies, the MDES has ThaiCERT and GovernmentCERT teams to provide cybersecurity protection.
Hacking, or any unauthorized access to a system or database, is considered a violation to the Cybersecurity Act and the Personal Data Protection Act, with punishment of up to 1 year’s imprisonment; up to 1 million baht fine, or a combined penalty.
Gp Capt Amorn Chomchoey, Director of Thailand Computer Emergency Response Team (ThaiCERT), said the data breech at Phetchabun Hospital is not the first case to have happened, as previous incidents that may not have been of the same magnitude, were not reported in the news.
He stressed the importance of protective measures in data safety, citing the World Economic Forum’s 0.5% success rate arresting hackers responsible in these breeches.
Other incidents of cyberattacks reported in recent days include a breech of customer data at CP Freshmart. The company today acknowledged that the personal data of its customers, including names, phone numbers, and email addresses had been breeched. They company says however, that no credit card information was leaked.
A ransomware attack also took place at Bhumirajanagarindra Kidney Institute Hospital, where digital files of some 40,000 patients have been encrypted and made inaccessible since Monday morning. The hospital has already filed a case with the police, while attempting to decrypt the affected files instead of paying the ransom demanded.
