Health Ministry presses charges against hospital database hacker

[snoop1130]

 

BANGKOK (NNT) - The Ministry of Public Health is pressing charges against the hacker leaking personal information from a hospital database, confirming the incident is not a ransomware attack, and that no sensitive information has been leaked.

 

The Ministry of Public Health (MOPH) today announced it is pressing charges against the hacker who has obtained and sold personal data from a hospital database in Thailand.

 

This response from the Health Ministry comes after an offer posted on 5th September posted in an online forum to sell a set of data containing 16 million records hacked from a hospital in Thailand.

 

The Deputy Permanent Secretary of Public Health, Dr Thongchai Keeratihattayakorn said today the investigation and initial damage assessment launched by the ministry shows the information leaked is a set of 10,095 patient records obtained from a hospital in Phetchabun province, including personal information such as names, addresses, and phone numbers.

 

The leaked data also includes hospital-related data such as shift rotations and appointment schedules. However, no information related to patients’ treatment is included.

 

Dr Thongchai said the ministry believes the hackers involved in the case are the same group as those behind the ransomware attack at Saraburi Hospital last year.

 

Dr Anan Kanoksilp, Director of the MOPH’s Information and Communication Technology Center, said today the hospital in this case is found to be using an open-sourced application requiring internet connection as part of its IT system, creating vulnerability yo cyber attacks.

 

To date, the hospital has disabled its connection to external networks, while its IT systems are still operational. The incident is also not a ransomware attack, where the hacker would encrypt the data preventing any access, and demand payment in exchange for the decryption key.

 

Dr Suttipong Wacharasindhu, Deputy Secretary General of the National Health Security Office, commented today that health-related personal information must be treated as confidential. The exposure of such information causing damage considered a breach of personal rights, an offense punishable by the National Health Act with up to six months imprisonment, a 10,000 baht fine, or a combined penalty.

 

Following the incident, the Ministry of Public Health has pressed charges with the police against the hacker.

 

Deputy Prime Minister and Minister of Public Health Anutin Charnvirakul, said today the ministry will be discussing the enhancing of cybersecurity measures, saying however that he believes each hospital already has adequate measures to safeguard patient information.

 

-- © Copyright NNT 2021-09-07

 

- Whatever you're going through, the Samaritans are here for you

- Follow ASEAN NOW on LINE for breaking COVID-19 updates

[ThailandRyan]

So they filed charges against "Anonymous", or "Unknown" or ?

[Phuketshrew]

21 minutes ago, ThailandRyan said:

So they filed charges against "Anonymous", or "Unknown" or ?

but, but there is a photo of the hacker in the OP .....

[nausea]

 

32 minutes ago, ThailandRyan said:

So they filed charges against "Anonymous", or "Unknown" or ?

Yeah, a name, or names, would add credibility. The use of the word "hacker", followed by "hackers" and "group" doesn't help.

[Nojohndoe]

Presses  charges ? If the source is known ?

[Swiss1960]

They should press charges against the incompetent (self-deleted expressions) who were responsible for designing, developing, testing and approving the Go-Live of that database/application. 

[RichardColeman]

 

 

7 hours ago, snoop1130 said:

Dr Thongchai said the ministry believes the hackers involved in the case are the same group as those behind the ransomware attack at Saraburi Hospital last year.

I imagine as they failed to get them last time, pressing charges is all bluster and no action

[canthai55]

From the OP -

"Deputy Prime Minister and Minister of Public Health Anutin Charnvirakul, said today the ministry will be discussing the enhancing of cybersecurity measures, saying however that he believes each hospital already has adequate measures to safeguard patient information."

 

555

[hotchilli]

12 hours ago, snoop1130 said:

The Ministry of Public Health (MOPH) today announced it is pressing charges against the hacker who has obtained and sold personal data from a hospital database in Thailand

Yet they say no sensitive material was released, the post contains a lot of conflicting statements??

 

[Golden Triangle]

1 hour ago, canthai55 said:

From the OP -

"Deputy Prime Minister and Minister of Public Health Anutin Charnvirakul, said today the ministry will be discussing the enhancing of cybersecurity measures, saying however that he believes each hospital already has adequate measures to safeguard patient information."

 

555

My initial thought was 'obviously not' 555

[khunpa]

Maybe they should start to consider having professional IT-companies make and secure their systems.

Put focus on actually getting a proper system and less attention to kick-backs and hiring incompetent friends for the job.

 

Ohh what am I thinking… will of course never happen.

[Karma80]

5 hours ago, Swiss1960 said:

They should press charges against the incompetent (self-deleted expressions) who were responsible for designing, developing, testing and approving the Go-Live of that database/application. 

I'm pretty sure you can't prosecute 14 year old children working on things as a school project ????

[Artisi]

1 hour ago, canthai55 said:

From the OP -

"Deputy Prime Minister and Minister of Public Health Anutin Charnvirakul, said today the ministry will be discussing the enhancing of cybersecurity measures, saying however that he believes each hospital already has adequate measures to safeguard patient information."

 

555

Yep, seems that way, doesn't it? 

[MrJ2U]

They need people with a background in security to make these apps.

 

Professionals.

 

Doing things always on the cheap will ultimately cost you more in the long run.

 

Stop getting some generals kids to make these important apps.

[Burma Bill]

16 hours ago, Phuketshrew said:

but, but there is a photo of the hacker in the OP .....

Robin Hood??????