Cyber Incident Victim: Saraburi Hospital

On September 5, 2020, Saraburi Hospital's director publicly confirmed a ransomware attack had compromised the hospital's computer systems. The attack disrupted normal operations, though no ransom demand was communicated to the hospital by the attackers. In response to the system compromise, the hospital advised patients visiting the facility to bring physical copies of their medical records and old medicine packaging to ensure continuity of care during the IT outage. This directive indicated critical patient data systems were rendered inaccessible, forcing reliance on manual documentation processes. The hospital did not disclose technical details about the ransomware variant, initial attack vector, or scope of encrypted systems beyond confirming the core computer network was affected. No patient data exfiltration or additional attacker objectives were reported.

The incident significantly impacted hospital workflows, necessitating temporary procedural adjustments to maintain basic services. The explicit instruction for patients to supply their own medical information suggested electronic health records were unavailable for retrieval or consultation by clinical staff. This operational disruption highlighted healthcare vulnerabilities to ransomware attacks targeting critical infrastructure. The absence of a ransom demand contrasted with typical ransomware incidents, leaving the attackers' motives unclear. Saraburi Hospital did not release information regarding system restoration timelines, incident detection methods, or containment measures undertaken during the response. The attack underscored the immediate consequences of cybersecurity incidents on healthcare delivery, particularly the reliance on manual workarounds when digital systems become unavailable.