The Cyber Crime Investigation Bureau is seeking cooperation from the kingdom's international partners, including the United States, to investigate the hacking of a patient database at Phetchabun Hospital.
A security breach was reported early this week after a user on raidforums.com, a database sharing and marketplace discussion forum, on Sunday claimed to be selling 16 million patient records that were stolen from the Public Health Ministry.
The ministry later clarified that data was stolen from Phetchabun Hospital when its servers were breached. Data for over 10,000 patients was stolen by the hacker, the hospital said.
Attempting to quell concerns over the matter, the hospital insisted the hacked data only contained general and primary information provided by patients, noting the stolen data did not contain any medical or diagnostic information.
Meanwhile, the Bhumirajanakarindra Kidney Institute Hospital recently revealed that 40,000 of its patient records were stolen and its data system was damaged during a security breach, resulting in the hospital being unable to access its X-ray archive.
Thirachai Chantharotsiri, director of the hospital, said the facility received a phone call from a foreigner who claimed to have important information about the hospital's database and tried to negotiate for a payment.
The hospital lodged a complaint with police on Wednesday.
The CCIB said its preliminary investigation showed that a group of Indian hackers was behind the security breach at Phetchabun Hospital, and it was using a server in Singapore.
The group was also likely behind the hacking of a computer system at a hospital in the Northeast and that of Krungthai Bank, the CCIB had said earlier.
However, Pol Lt Gen Kornchai Klayklueng, commissioner of the CCIB, on Thursday said more recent information indicates the hackers were operating in the US.
The CCIB will seek cooperation from US authorities and other international agencies to track them down.
He said the initial findings suggest Phetchabun Hospital downloaded a free content management system (CMS) programme without setting a proper IP address, and that opened a way for hackers to enter.
Breaches in other state and private agency databases are likely to be associated with the compromised CMS programme, Pol Lt Gen Kornchai added.
He said the number of victims in this case is likely to be higher than that reported by the media as the CCIB has found stolen records being sold on the discussion forum.
Minister of Digital Economy and Society Chaiwut Thanakamanusorn said the ministry will tell state agencies to be more aware of the importance of data protection and boost measures in the wake of the breaches.
He said that the Cybersecurity and Computer Crime Acts are key legal tools in dealing with cyber security threats.