Cyber Incident Victim: Bhumirajanagarindra Kidney Institute Hospital

On September 6, 2021, Bhumirajanagarindra Kidney Institute Hospital in Bangkok’s Ratchathewi district experienced a significant cybersecurity incident when staff discovered they could no longer access the hospital’s patient database. A subsequent system investigation confirmed unauthorized access and data theft had occurred. The breach compromised personal details of over 40,000 patients, directly disrupting hospital operations and patient care workflows. Hospital director Dr. Thirachai Chantharotsiri publicly acknowledged the incident on September 8, 2021, confirming the theft’s impact on treatment continuity. The attack was identified as a ransomware operation, distinguishing it from other hospital breaches reported around the same timeframe. No ransomware payment demands or encryption claims were explicitly detailed in available reports, though the theft’s operational consequences were emphasized.

The stolen data’s sensitivity heightened concerns, as patient records contained identifiable information critical to ongoing medical treatment. The hospital did not disclose technical specifics about the attack vector, compromised systems, or containment measures beyond confirming the database breach. Operational disruptions persisted following the discovery, though the duration of system inaccessibility remained unspecified. Public reporting focused on the attack’s clinical implications rather than forensic details, with no attribution to specific threat actors. The incident marked one of multiple Thai healthcare breaches disclosed within a 48-hour period, though it stood apart due to its confirmed data exfiltration and treatment-related consequences for tens of thousands of patients.