Hospitals urged to beef up cybersecurity after breach report

Hospitals urged to beef up cybersecurity after breach report

Siriraj Hospital has denied its database was leaked following claims by a poster on an internet database-sharing forum website on Sunday offering 38.9 million patient records from the hospital for sale.

The poster, who used the name "WraithMax" on raidforums.com, a database-sharing and marketplace forum, indicated the dataset contains the names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other information.

The poster said the price for the data was negotiable and it would go to only one buyer.

The poster said a sample file was available. Contact could be made through a Telegram app account.

However, the Faculty of Medicine Siriraj Hospital of Mahidol University, which operates Siriraj Hospital, yesterday issued a statement confirming the dataset was not from the hospital's database.

There has been no data leakage from its faculty or any affiliated hospitals.

The investigation has been done together with the National Cyber Security Agency (NCSA), the faculty said.

The hospital's medical services have seen no impact from the issue, it said.

The faculty makes the protection of personal data of patients its top priority and it has no policy to contact individuals to seek their personal information, it said.

A source at a team investigating the Siriraj case who requested anonymity told the Bangkok Post his team concluded the data was not from Siriraj Hospital, but may have been old data from somewhere else.

The dataset was re-offered for sale online, the source said. Last time, the same set of data was claimed to have been taken from a bank.

Concerns have been rased about cybercriminals targeting the public health sector in Thailand.

In October last year, there was a posting on raidforums.com offering data on 100,000 people from 11 hospitals nationwide.

In September last year, state-run Phetchabun Hospital saw the data of more than 10,000 patients stolen through its web-based application, which is suspected to be of a subpar standard.

"Healthcare is one of the targeted sectors as it contains a lot of sensitive information," said Dr Sutee Tuvirat, a physician and a certified information systems security professional, told the Bangkok Post. "Victims may not even know their data has been misused."

"Once data is leaked, hackers will steal all the data. They work professionally by making money and gaining creditability."

There is a flaw in the public health sector with a lack of cybersecurity teams or chief information security officers to monitor cyber threats, he added.

Do you like the content of this article?
COMMENT

Grim winter looms as wartime Ukraine braces for infrastructure attacks

KHARKIV, Ukraine: In an abandoned tower block damaged by Russian shelling in Ukraine's second city, Olga Kobzar plans to tough out winter for as long as she can without electricity, water and central heating by lighting the gas stove in her kitchen for warmth.

14:59

Red flags fly as Yom, Nan rivers at critical levels in Phichit

PHICHIT: The Yom and Nan rivers reached critical levels on Tuesday, with red flags flying at all bridges crossing the two rivers in this northern province.

14:55

Kanye West debuts 'White Lives Matter' shirt

After recently severing ties between apparel giants Adidas and Gap and his Yeezy sneaker line, controversial American rapper Kanye West held a surprise fashion show during Paris Fashion Week to debut his new collection, named Yzyszn9.

14:10