Siriraj Hospital in Bangkok denies data breach after post lists patient records for sale

In what appeared to be the latest breach of the country’s public health sector, around 39 million patient records from Siriraj Hospital in Bangkok have been listed for sale on an internet database-sharing platform, raidforums.com. The hospital is now denying that its database was hacked.

The Bangkok Post reported that the Faculty of Medicine Siriraj Hospital of Mahidol University, which operates Siriraj Hospital, released a statement saying there has been no data leakage from its faculty or any affiliated hospitals, and that the data set listed was not from the hospital’s database.

The post on raidforums.com says a sample file of the data is available, which is said to include names, addresses, Thai IDs, phone numbers, and dates of birth. The uploader, who goes by the username “WraithMax,” wrote that the price of the data is negotiable, and it will only be sold to one customer. The post claimed that the information isn’t just from the public Siriraj Hospital, but also from VIP records from Siriraj’s private hospital located right next door.

The majority of public hospitals still lack cybersecurity departments or chief information security officers capable of monitoring threats. The authorities are currently investigating the post on the forum. While the motivations of the hacker are still unknown, a sample file can be accessed through Telegram.

Since 2020, there have been three hacks. All of them have been from the public health sector. The latest data breach was back in October 2021 when a hacker posted on raidforums.com with over 100,000 patients from 11 different hospitals.

The Deputy Secretary of the National Cyber Security Agency is aware of the Siriraj situation and is conducting an investigation.

Source: Bangkok Post