Report Thai Hospital Slammed with 1.2M Baht Fine for Snack Bag Fias

[webfact]

Picture courtesy of PDPA Thailand

 

A renowned Thai hospital has been slapped with a hefty fine of 1.2 million baht after an alarming incident involving patient records being used as snack bags. The Personal Data Protection Committee (PDPC) made the shocking discovery, shattering public confidence in the healthcare sector.

 

The startling situation became public when paper files from the hospital's patient registry were repurposed as pouches for crispy crepes, locally known as khanom Tokyo. This breach highlighted significant lapses in data handling procedures, raising serious questions about privacy and data protection.

 

The PDPC's probe revealed that over 1,000 sensitive documents were misplaced after being sent away for destruction. The hospital had entrusted a small business with disposing of the documents but failed to monitor the process appropriately. The business owner admitted to storing the documents at his residence, which led to their leakage.

 

In response, the hospital was fined 1.21 million baht, while the disposal business owner was fined an additional 16,940 baht. This incident represents a major error in data security, which calls for rigorous oversight.

 

Another alarming case revealed by the committee involved a state agency that saw personal info of over 200,000 citizens leaked after a cyberattack. The data breach led to the sale of sensitive data on the dark web, revealing significant vulnerabilities.

 

The investigation into this cyber incident revealed weak security measures, including fragile passwords and a complete lack of risk assessment. An additional flaw was the absence of a data processing agreement with the app developer. Consequently, the agency and its private contractor faced a combined fine of 153,120 baht.

 

Additionally, three other cases focused on data leaks from online retailers and distributors, resulting in fines between 500,000 and 7 million baht.

 

Since its establishment in 2024, the PDPC has resolved six major cases of data breaches, totalling 21.5 million baht in fines. These incidents underscore the urgent need for enhanced data protection practices and stricter compliance across all sectors.

 

As Thailand grapples with these unsettling revelations, the spotlight remains firmly on the need for stricter data handling measures. The trust in institutions is at stake, and these penalties highlight the accountability required to safeguard personal information.

 

  Adapted by ASEAN Now from The Thaiger 2025-08-04