Thai officials are scrambling to find out who hacked a Public Health Ministry database leading to the theft of personal data of a claimed 16 million people.
Public Health Minister Anutin Charnvirakul refuted assertions by the anonymous hackers, saying only 10,000 records were leaked and none of them contained important information.
The hack occurred at a government hospital in Phetchabun.
Deputy Permanent Secretary Thongchai Kiratihatthayakon said the ministry became aware of the hack on Sunday. It sent an information-technology team, including representatives of the National Cyber Security Agency, to investigate the incident at Phetchabun Hospital where data of 10,093 patients were stolen.
He said the hospital’s main server was unaffected and still operational. The hospital, likewise, is operating normally.
Thongchai said the hackers targeted applications to help medical personnel treat patients. Those apps housed patient names, telephone numbers, health records and healthcare universal benefits.
Another program that was hacked involved patient appointment schedules, appointment schedules, and estimates for orthopedic operations.
Anutin said people should not panic. If patients’ data were stolen, there would be legal action and a culprit would be arrested and punished as soon as possible, he said.
The National Health Act defined personal health data as the classified information which could not be disclosed in the way that could damage concerned people. The hack also violated the Criminal Code and the Computer Crime Act, Anutin said.
On the “Raidforums.com” website, a user named “Inanimate” announced on Sept. 5 the intention to sell a 3.8-gigabyte file of patient data for US$500, or about 16,240 baht. The user required payment via cryptocurrencies.