Faculty of Medicine Siriraj Hospital announced, ‘No Data breach happens in Organization’. But What should you do if a data breach happens in your company?

According to January 9th News, reported personal information of Siriraj Hospital’s patients was posted for sale through a website. Faculty of Medicine Siriraj Hospital Mahidol University has investigated the facts together with the Office of the National Cyber Security Agency – NCSA 

After an investigation on January 10th, Siriraj Hospital has announced that the database sale on the dark web is not theirs. From the inspection, no breach of information from the Faculty of Medicine Siriraj Hospital and affiliated hospital were found. Siriraj Hospital is currently open for normal business, no treatment and medical services were affected. 

Faculty of Medicine Siriraj Hospital Mahidol University has reassured all service recipients to be confident in the faculty’s endeavor to protect and maintain personal data security with the highest international standards.
However, not many organizations are fortunate and are able to get through Data Breaches without any damages. So, here are things organizations should remember when facing Data Breach.

‘What to do if a data breach happens?’. Only 2-steps will help.

  • 1st step, the company must notify the Office of the Personal Data Protection Commission (OPDPC) within 72 hours after the company acknowledges the data breach together with detail of the Data Breach such as the amount of breached data, type of data, the impact caused by the data breach, remedial measures.
  • 2nd step, in the case that a data breach causes a serious impact. The company is responsible for informing the data subjects that are affected to let them prepare themselves for the incident.

Author: Pitchayapa V., Legal Technology Counselor