Thai hospital fined 1.2 million baht for data breach via snack bags
Medical data mishandling shakes public trust in healthcare
A significant private hospital in Thailand has been penalised with a fine of 1.2 million baht after patient paper records were discovered being repurposed as snack bags, as reported by the nation’s data protection authority.
This incident was one of five major cases announced on August 1 by the Personal Data Protection Committee (PDPC), which also included penalties for data law violations against various entities.
The hospital, which remains unnamed, faced scrutiny when its patient registry paper files were found to be used as pouches for crispy crepes, locally referred to as khanom Tokyo.
The PDPC’s investigation uncovered that over 1,000 protected files were misplaced after being dispatched for destruction. The hospital stated that it had assigned document disposal to a small enterprise but failed to ensure follow-up. The business owner accepted responsibility, noting that the documents were leaked after being stored at their residence.
ดูโพสต์นี้บน Instagram
As a result, the PDPC issued a fine of 1.21 million baht (US$37,210) to the hospital, while the disposal business owner received a fine of 16,940 baht (US$520).
Another case disclosed by the committee involved a state agency that leaked personal information of over 200,000 citizens following a cyber-attack on its web application. The compromised data was subsequently offered for sale on the dark web.
The investigation identified insufficient security measures, including weak passwords and the lack of a risk assessment, alongside the absence of a data processing agreement with the web application developer. Consequently, a combined fine of 153,120 baht (US$4,710) was levied on both the agency and its private contractor.
The remaining three cases involved data leaks from online retailers and distributors, with fines ranging between 500,000 and 7 million baht (US$15,375 and 215,250).
Since the year 2024, the PDPC has concluded six cases of personal data violations, amounting to a total of 21.5 million baht (US$661,130) in fines, reported Bangkok Post.
Latest Thailand News
Follow The Thaiger on Google News:
