The Public Health Ministry has admitted that patient information from a hospital in north-central Thailand was stolen by a hacker, but an official claimed it was not important personal data.
The ministry said it is going to strengthen its systems by setting up its own unit to deal with cybercrime.
Thongchai Kiratihatthayakon, the ministry's deputy permanent secretary, said the ministry had been aware of the problem since Sunday.
The ministry sent an IT team, with representatives from the National Cyber Security Agency (NCSA), to investigate the incident at Phetchabun Hospital where data of 10,093 patients had been hacked.
"The initial investigation found the hospital's main server had not been attacked and was still working normally," he said. Hospital operations have not been affected, he added.
Dr Thongchai said the hackers attacked programs designed to assist medical workers in treating patients, which featured patient information such as names, telephone numbers, health records and healthcare universal benefits.
Another program that was hacked involved patient appointment schedules, doctors' patient visit schedules, and the expenditure for patients needing a bone operation, he said.
Dr Thongchai denied reports that personal health data from 16 million patients was stolen and said that only data linked to 10,093 patients had been hacked.
"Usually, these programs use open-source software that a hacker can attack easily. This is not a ransomware attack, but it is one where the data is sold on a website," he said.
Dr Thongchai said that the stolen patient data did not include lab test information or details about drug allergies, or any in-depth personal medical treatment information.
He apologised for the incident.
Anant Kanoksilp, information technology director at the Public Health Ministry, said other servers used by the hospital were not hacked. But he said that the hacking of Phetchabun Hospital is just the tip of the iceberg when it comes to cybercrime in Thailand.
"We need extra measures in handling the problem," he said, adding that the ministry will set up a cyber protection centre to provide an immediate response to cybercrime.
The centre will work with the National Cyber Security Agency and the ICT Ministry to ensure that all personal health data is fully protected under the law. According to current laws, any person who distributes personal health information without a permit will be fined 10,000 baht or imprisoned for six months, or both.