Thai Digital Ministry advises organisations to step up cyber security

Minister Chaiwut said the MDES and National Cyber Security Agency (NCSA) have visited the affected hospital and talked to the IT staff to investigate the attack.

Following recent cases of cyber-attacks at hospitals, the Ministry of Digital Economy and Society encouraged government agencies and private firms holding personal information of customers and patients to ensure their databases are adequately protected, saying these recent cases were not the first.

The Ministry of Digital Economy and Society (MDES) held a press conference regarding a recent breach of patient data at Phetchabun Hospital, outlining the types of data leaked and how the incident took place.

The Minister of Digital Economy and Society, Chaiwut Thanakamanusorn, said the MDES and National Cyber Security Agency (NCSA) have visited the affected hospital and talked to the IT staff to investigate the attack.

Initial investigation shows the breach took place within a web portal and application utilized internally by the hospital, while the lack of updates to the hospital’s IT system posed a vulnerability to cyber-attacks.

The authorities have identified the data breached in this incident, including patient names, information from the outpatients’ department, doctors’ schedule, and patient details from a COVID-19 field hospital. Sensitive data related to patients’ health and treatment are reportedly safe.

The hospital has already taken action by removing the software in question from the system, and disabling the system’s connectivity to external networks.

The Minister of Digital Economy and Society says officials from related agencies are now working to arrest and prosecute those involved, while urging government agencies and organizations that maintain a large database of personal information in their systems to store the information very carefully, with an adequate level of cybersecurity protection.

For government agencies, the MDES has ThaiCERT and GovernmentCERT teams to provide cybersecurity protection.

Hacking, or any unauthorized access to a system or database, is considered a violation of the Cybersecurity Act and the Personal Data Protection Act, with punishment of up to 1 year’s imprisonment, a fine of up to 1 million baht, or a combined penalty.

Gp Capt Amorn Chomchoey, Director of Thailand Computer Emergency Response Team (ThaiCERT), said the data breach at Phetchabun Hospital is not the first case to have happened, as previous incidents, which may not have been of the same magnitude, were not reported in the news.

He stressed the importance of protective measures in data safety, citing the World Economic Forum’s figure of a 0.5% success rate in arresting hackers responsible for these breaches.

Other incidents of cyber-attacks reported in recent days include a breach of customer data at CP Freshmart. The company acknowledged that the personal data of its customers, including names, phone numbers, and email addresses, had been breached. The company says, however, that no credit card information was leaked.

A ransomware attack also took place at Bhumirajanagarindra Kidney Institute Hospital, where digital files of some 40,000 patients have been encrypted and made inaccessible since Monday morning. The hospital has already filed a case with the police, while attempting to decrypt the affected files instead of paying the ransom demanded. (NNT)