Hackers steal patients' data

Hackers steal patients' data

Officials downplay theft of hospital info

The Public Health Ministry has admitted that patient information from a hospital in north-central Thailand was stolen by a hacker, but an official claimed it was not important personal data.

The ministry said it is going to strengthen its systems by setting up its own unit to deal with cybercrime.

Thongchai Kiratihatthayakon, the ministry's deputy permanent secretary, said the ministry had been aware of the problem since Sunday.

The ministry sent an IT team, with representatives from the National Cyber Security Agency (NCSA), to investigate the incident at Phetchabun Hospital where data of 10,093 patients had been hacked.

"The initial investigation found the hospital's main server had not been attacked and was still working normally," he said. Hospital operations have not been affected, he added.

Dr Thongchai said the hackers attacked programs designed to assist medical workers treat patients which featured patient information such as names, telephone numbers, health records and healthcare universal benefits.

Another program that was hacked involved patient appointment schedules, doctor's patient visit schedules, and the expenditure for patients needing a bone operation, he said.

Dr Thongchai denied reports that personal health data from 16 million patients was stolen and said that only data linked to 10,093 patients had been hacked.

"Usually, these programs use open-source software that a hacker can attack easily. This is not a ransomware attack, but it is one where the data is sold on a website," he said.

Dr Thongchai said that the stolen patient data did not include lab test information or details about drug allergies, or any in-depth personal medical treatment information.

He apologised for the incident.

Anant Kanoksilp, information technology director at the Public Health Ministry, said other servers used by the hospital were not hacked. But he said that the hacking of Phetchabun Hospital is just the tip of an iceberg when it comes to cybercrime in Thailand.

"We need extra measures in handling the problem," he said, adding that the ministry will set up a cyber protection centre to provide an immediate response to cybercrime.

The centre will work with the National Cyber Security Agency and the ICT Ministry, to ensure that all personal health data is fully protected under the law. According to current laws, any person who distributes personal health information without a permit will be fined 10,000 baht or imprisoned for six months, or both.

Do you like the content of this article?
COMMENT

Lamphun golden dried longan obtains GI registry

Thailand has successfully registered geographical indication (GI) for Lamphun golden dried longan in Vietnam, increasing the number of Thai products with GI registration in foreign countries to eight.

05:26

Manufacturers call for rejig of clean energy laws

Manufacturers want the government to amend laws to allow them to produce and sell electricity from renewable energy sources in order to reduce dependence on expensive fossil fuels, in line with the global clean energy trend, says the Federation of Thai Industries (FTI).

05:11

Thailand remains ranked 43rd in global innovation index

Thailand stayed put at 43rd out of 132 economies in the Global Innovation Index 2022, released by the World Intellectual Property Organization, while the country's gross expenditure on R&D (GERD) financed by business and exports of creative products tops this year's ranking.

05:11