A group of Indian hackers using a server in Singapore is behind the patient data hacking at Phetchabun Hospital, the Cyber Crime Investigation Bureau (CCIB) found in a preliminary investigation.
Data claimed to contain personal information of 46,000 patients at the hospital was posted on the website Raidforums.com, along with a ransom demand.
"We believe the data is real and it was hacked through clickbait. Someone at the hospital must have clicked on a malicious link, which resulted in the hospital's database getting hacked," Pol Lt Gen Kornchai Klayklueng, CCIB chief, said. "Or maybe it could be the passcode was too easy to guess," he said.
The group was also likely behind the earlier hacking of a computer system at a hospital in the Northeast and that of the Krungthai Bank, he said. The CCIB is tracking the group. A similar hacking incident was yesterday reported to Phaya Thai police.
Dr Thirachai Chantharotsiri, director of Bhumirajanagarindra Kidney Institute Hospital in Bangkok, lodged the complaint. He also submitted an audio clip containing an alleged ransom demand made by an English-speaking caller to a hospital executive after the hospital's database was hacked on Monday.
The hospital was unable to access its patient database from 5am and shortly after that the caller rang with the ransom demand.
The caller said he would call back again on Tuesday but didn't, he said. The database, containing information about 40,000 patients, was still inaccessible and the IT department was retrieving data from a backup server, he said.
Dr Thirachai said he suspected a security breach in the computer system occurred when the hospital recently allowed a software company to remotely access the system to install new software.
He said he didn't suspect the software company of having anything to do with the hackers because the company is highly trusted. Phaya Thai police insisted people at the software company must be questioned.