Siriraj Hospital has denied its database was leaked following claims by a poster on an internet database-sharing forum website on Sunday offering 38.9 million patient records from the hospital for sale.
The poster, who used the name "WraithMax" on raidforums.com, a database-sharing and marketplace forum, indicated the dataset contains the names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other information.
The poster said the price for the data was negotiable and it would go to only one buyer.
The poster said a sample file was available. Contact could be made through a Telegram app account.
However, the Faculty of Medicine Siriraj Hospital of Mahidol University, which operates Siriraj Hospital, yesterday issued a statement confirming the dataset was not from the hospital's database.
There has been no data leakage from its faculty or any affiliated hospitals.
The investigation has been done together with the National Cyber Security Agency (NCSA), the faculty said.
The hospital's medical services have seen no impact from the issue, it said.
The faculty makes the protection of personal data of patients its top priority and it has no policy to contact individuals to seek their personal information, it said.
A source at a team investigating the Siriraj case who requested anonymity told the Bangkok Post his team concluded the data was not from Siriraj Hospital, but may have been old data from somewhere else.
The dataset was re-offered for sale online, the source said. Last time, the same set of data was claimed to have been taken from a bank.
Concerns have been rased about cybercriminals targeting the public health sector in Thailand.
In October last year, there was a posting on raidforums.com offering data on 100,000 people from 11 hospitals nationwide.
In September last year, state-run Phetchabun Hospital saw the data of more than 10,000 patients stolen through its web-based application, which is suspected to be of a subpar standard.
"Healthcare is one of the targeted sectors as it contains a lot of sensitive information," said Dr Sutee Tuvirat, a physician and a certified information systems security professional, told the Bangkok Post. "Victims may not even know their data has been misused."
"Once data is leaked, hackers will steal all the data. They work professionally by making money and gaining creditability."
There is a flaw in the public health sector with a lack of cybersecurity teams or chief information security officers to monitor cyber threats, he added.
