The Public Health Ministry of Thailand, under the leadership of Cholnan Srikaew, assured the public of the safety and security of patient data in their system. This response was prompted by a rumour suggesting a breach that exposed the personal information of more than 2.2 million Thai citizens.
The rumour originated from the Rural Doctors Society (RDS), which alleged that the compromised data had been sold on a dark website for a sum of US$10,000 (approximately 360,000 baht). This alleged breach was reported to have occurred this month and comes a year after a similar incident where a hacker threatened to release the personal data of 55 million Thai citizens. The RDS traced the source of the leak back to the Public Health Ministry’s Mor Prom app, according to a post on their Facebook page.
The RDS, having received several complaints from different hospitals concerning the online sharing of information, has demanded an explanation from the Ministry.
“Most staff at state hospitals are not highly skilled in information technology, but they were assigned to work on online information sharing without an adequate budget or clearly structured instructions.”
The recently leaked data is said to include the 13-digit Thai national ID numbers. However, Cholnan denied any connection between this breach and the Public Health Ministry, announcing plans for a joint press conference with the National Cyber Security Agency (NCSA) today.
The health minister stated that four provinces, Phrae, Phetchaburi, Narathiwat, and Roi Et, the test regions for the 30-baht healthcare scheme that shares patients’ information online, are now under strict supervision. Furthermore, hospitals not yet connected to the system will receive personnel training.
“Our system prioritises the personal data security of patients.”
The ministry’s spokesman and head of its Information and Communication Technology Centre, Surakameth Mahasirimongkol, added that the centre is collaborating with the NCSA and other agencies to investigate the leaked data. Preliminary inspection suggests the data is more related to financial transactions than health, reported Bangkok Post.
The ministry issued directives to its agencies to ensure continued compliance with cyber and personal data security measures in line with ISO 27001 or HAIT Plus standards. Additionally, it aims to enhance awareness of cyber threats among health personnel.
Bangkok NewsCrime NewsPolitics NewsThailand News
