Claim on huge patient data leak

Claim on huge patient data leak

Patients pass through thermal scanning as they enter Siriraj Hospital in Bangkok. Their records may be among the reported huge data theft from the hospital. (File photo: Chanat Katanyu)
Patients pass through thermal scanning as they enter Siriraj Hospital in Bangkok. Their records may be among the reported huge data theft from the hospital. (File photo: Chanat Katanyu)

About 39 million purported patient records allegedly from Siriraj Hospital have been offered for sale on an internet database-sharing forum in what appears to be the latest hack of the country's public health sector.

Authorities are investigating the post, which was on raidforums.com.

The leak is said to include records of VIP patients.

There was no clear indication whether the person who on Sunday offered to sell 38.9 million patient records really had such a huge trove of data.

However, the poster said a sample file was available. Contact could be made through a Telegram app account.

The data supposedly comprises names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other information, according to the poster, who used the name "WraithMax".

The poster said the price for the data was negotiable and it would go to only one buyer.

"There was a large data leak concerning Siriraj's patient records that has been offered for sale," Dr Sutee Tuvirat, an information systems security professional, told the Bangkok Post.

The data is not only from Siriraj Hospital but also from nearby Siriraj Piyamaharajkarun Hospital, which has records of VIP patients, he said.

Most local hospitals still had no cybersecurity teams or chief information security officers who could monitor threats.

"Even some department stores which invested in cybersecurity have been hacked, but hospitals which keep a great deal of sensitive data still do not make investment in this area a priority," Dr Sutee said.

This latest possible leak from the public health sector follows a series of hacks over the past couple of years.

In October last year, another post on raidforums.com offered data on 100,000 people from 11 Thai hospitals.

Last September, state-run Phetchabun Hospital saw the theft of the data of more than 10,000 patients through its web-based app, which was said to be below standard.

In September 2020, at Saraburi Hospital, a hacker blocked access to patients' medical records and shut down the hospital's telephone lines. The hacker demanded the hospital pay 63 billion baht in Bitcoin.

"Healthcare is one of the targeted sectors as it contains a lot of sensitive information," said Dr Sutee.

"Victims may not even know their data has been misused.

"Once data is breached, hackers will steal all the data. They work professionally, making money and gaining creditability."

The acting deputy secretary-general of the National Cyber Security Agency, Grp Capt Amorn Chomchoey, said he was aware of the Siriraj case and was investigating it.

Do you like the content of this article?
COMMENT (29)

Protest groups call for action on rising living cost

Members of the 24 June Democracy group, the Labour Network for People's Rights and the Thalufah group rallied outside Government House in Bangkok on Tuesday.

18 Jan 2022

Thanathorn's painting NFTs sell for 3.3 milion baht

Progressive Movement leader Thanathorn Juangroongruangkit has sold three of his paintings in a non-fungible token (NFT) auction for more than 3 million baht on Tuesday, with most of the proceeds going to the Thai Lawyers for Human Rights (TLHR) group.

18 Jan 2022

Come back (soon)

Covid restrictions are set to ease, with a lowered alert level, changes to colour-code zones, expansion of sandbox provinces and revival of Test & Go entry all under discussion.

18 Jan 2022