Public Health Minister Cholnan Srikaew gave his assurance on Tuesday that patient data stored in the ministry's system is safe and secure following a rumour that the personal information of over 2.2 million Thai people had been leaked.
Dr Cholnan made the remark in response to a claim by the Rural Doctors Society (RDS) that the information of 2.2 million Thais had been sold to a dark website for US$10,000 (360,300 baht).
The RDS claimed the information was leaked this month, one year after another incident in which a hacker threatened to release the personal data of 55 million Thai nationals.
According to the RDS's Facebook post, that leak originated from the Public Health Ministry's Mor Prom app.
The RDS called for an explanation from the ministry, noting it has been receiving complaints from many hospitals regarding the sharing of information online.
"Staff at most state hospitals aren't that great in terms of their information technology skills, but they were ordered to work on online information sharing without a proper budget or well-organised instructions," the RDS said.
The recently leaked data includes the 13-digit Thai national ID numbers, according to Dr Cholnan. He said the leak was not linked to the Public Health Ministry.
He said he would hold a press conference with the National Cyber Security Agency (NCSA) on March 20.
Hospitals in Phrae, Phetchaburi, Narathiwat and Roi Et, the four pilot provinces in the 30-baht healthcare scheme that shares patients' information online, are now being supervised intensively, he said.
For hospitals that have not yet been connected to the system, there will be personnel training.
"I assure you that our system prioritises the personal data security of patients," the public health minister said.
Dr Surakameth Mahasirimongkol, the ministry's spokesman and director of its Information and Communication Technology Centre, said the centre has been working with the NCSA and other agencies to probe the leaked information.
An initial inspection suggested it concerned financial transactions rather than health-related data, he said.
The ministry has instructed its agencies to strictly comply with cyber and personal data security measures to stay in line with ISO 27001 or HAIT Plus standards, as well as boost awareness of cyber threats among health personnel.
