Posted on September 8, 2021 at 5:05 PM
Threat actors infiltrate a hospital in Thailand, stealing 16 million patient records
Thailand’s Ministry of Health has admitted a hacking incident, with millions of data stolen and put up for sale on the darknet.
According to the report, the majority of the stolen data was from the Phetchabun Hospital. Officials stated that investigation about the incident is ongoing, and it will make the perpetrators face the law.
The stolen records include the full names of the patients, their admission registration numbers, their doctors’ names, phone numbers, home addresses, medical records of the patients, and the name of the hospitals.
Following the leak, the hospital went completely offline and disconnected its internal networks, but its IT networks are still operational.
The cybersecurity department of the Health Ministry, during its investigation, will check the security system of the Ministry to find out whether it meets international standards.
The website where the hacking incident occurred has been taken down by the ministry. That means the information regarding the nature of the leak and how many people have been affected has to wait for now.
A Vulnerable System Gave Hackers Access
Several security experts have opined how the threat actors were able to get into the security framework of the ministry and steal data. Cybersecurity researcher Prinya Hom-anek stated that there are visible flaws in the system, which gave the hackers access to the network.
He further stated that a strong password should be created to prevent a repeat of the hacking incident.
An official of the north-central Thailand hospital claimed that the stolen data is not important and will not have any impact on the organization, its employees, or the patients. “Hospital operations have not been affected,” the official started.
But the ministry says it is committed to providing a stronger security system that will fight cybercrime.
Some Programs Were Affected
Permanent Secretary of the Ministry of Health, Thongchai Kiratihatthayakon, admitted that the ministry was aware of the hacking incident since Sunday.
He also said the ministry has contacted the National Cyber Security Agency (NICSA) to carry on an investigation on the incident, and they are working together to unravel the situation.
Dr. Thongchai stated that the threat actors infiltrated the programs meant to help health workers treat patients.
Also, another affected program involved the expenditure of patients that require a bone operation, doctor’s patient visit schedules, and patient appointment schedules.
While it was reported that 16 million patient records were stolen, Dr. Thongchai denied the report, stating that only 10,093 patients were hacked.
He added that the type of hacking incident will not warrant the hackers to seek a ransom. Rather, the stolen data will be probably sold on the darknet.
He also stated that the stolen patient data doesn’t include details about drug allergies or lab test information. It also didn’t include any vital personal medical treatment detail.
The Hospital’s Server Is Not Impacted By The Incident
The information technology director at the Public Health Ministry, Anant Kanoksilp, also commented about the hacking incident.
He stated that the hackers did not steal any information available in the servers in the hospital, but only those details provided on its website.
He added that the latest incident is one of the many examples of the reason it’s very important to make cybersecurity a top priority.
“We need extra measures in handling the problem,” he reiterated and noted that the ministry is working to set up a cyber protection center to offer an immediate response to cybercrime.
Deputy secretary-general of the National Health Commission, Sutthipong Wasusophaphon, pointed out that it’s illegal to disclose personal data, except under specific conditions.
Disclosure is termed an infringement on individual rights, which can attract a fine of 10,000 baht or a prison term of up to six months.
The Health Ministry is responding to an advert of patients offered on the darknet a few days ago. The threat actors stated that they have 16 million patient records that have been offered for sale.
The level of attacks on hospitals and the health sector, in general, has increased over the past months. In most cases, the threat actors responsible for the attack offer this stolen data to the highest bidder on the darknet. They are only relevant to those who are looking to carry out phishing attacks or impersonate a victim whose data has been exposed. As a result, Thailand’s health ministry has advised hospitals and other health organizations to enhance security and protect their systems using the highest security measures.