After the Bangkok Airways cyber attack reported last week, it seems there has been another significant data breach in Thailand.
This week, it was a data breach at two Thai hospitals — Phetchabun Hospital and Bhumirajanagarindra Kidney Institute Hospital — both of which had more than 40,000 patients’ personal data compromised or stolen.
The hackers even went as far as demanding a ransom from Phetchabun Hospital by placing their claim on a website known for selling hacked information.
Bhumirajanagarindra Kidney Institute Hospital also received a ransom demand after they discovered that hospital’s cyber attack had take place, but this time from an English-speaking man via a phone call.
After the hospital recorded the phone call and then reported the ransom demand to the police, the would-be ransomer did not call back.
Thailand’s Cyber Crime Investigation Bureau (CCIB) is now working on both cases, and so far says they believe the Phetchabun Hospital cyber attack was likely carried out by Indian hackers.
They also believe it may be the same group that was responsible for July’s cyber attacks on Krungthai Bank and Kasikornbank (KBank).
The investigation of the cyberattack on the two Thai hospitals is currently continuing, with the CCIB hoping to have a definite answer as to who was to blame in coming days.
There has not been any concrete evidence presented yet, however, as to how hackers were able to gain access to the hospitals’ data bases.
The CCIB has said it could have been via something as simple as a link a hospital employee clicked on, or it could just have been as a result of the hospitals’ database passwords being too easy to guess.
The Bhumirajanagarindra Kidney Institute Hospital cyber attack is thought to have possibly occurred after an outside firm upgraded the hospital’s computer system.
Police are now investigating those claims.