KUALA LUMPUR: The Health Ministry is investigating reports of a data leak involving the patient records of nearly 20,000 Malaysians.
Health Minister Datuk Seri Dr Dzulkefly Ahmad said his Ministry views the breach seriously and has called for a special meeting with the Malaysian Communications and Multimedia Commission (MCMC) and National Cyber Security Agency (Nacsa) to identify the source of the leak, revealed by Germany-based security firm Greenbone Networks.
“We have discussed actions that need to be taken to curb this matter, ” he said.
The ministry will also be reviewing the Picture Archiving and Communication Systems (PACS) application at its healthcare facilities, since the leak involved radiological reports.
The risk of information exposure exists at all healthcare facilities, including private hospitals and medical learning institutions, he said.
He was responding to the Sept 16 report by Greenbone Network report claiming that information on 19,992 radiological reports from Malaysia was freely accessible on computer servers worldwide.
“We take this report seriously, ” he said in a statement on Thursday (Sept 19).
The Health Ministry would also be taking some measures such as mapping the exposure risks in all medical facilities, reinvestigating the exposure risks of hospital using PACS, and continuously increasing the security standards of applications and IT infrastructure of all health facilities.
“A lesson from the Greenbone Networks report and the cyber-attacks happening around the world shows that we are in a new era of cyber threats, ” said Dr Dzulkefly.
He added that cybersecurity is an ongoing concern that would require more specialists to address.
The Ministry will also issue statements as the situation develops, he promised.
Greenbone Networks identified the data leak problem in at least 52 countries, including Australia, China, Japan, the United Kingdom, France, the United States, Russia and Brazil.
The United States was most heavily affected with 13.7 million data sets and 45.8 million images compromised. For Malaysia, 19,922 patient data records were publicly accessible from three archive systems, along with 1.2 million images associated with these records.
A Channel News Asia story quoted Greenbone Networks as saying that this data leak was “one of the largest data glitches worldwide to date”, with personal data including full names, dates of birth and dates of the medical examination available online, along with images of X-ray, CT and MRI scans.
The report also warned that the data could be exploited by attackers for various purposes, such as publishing names and images to harm a person’s reputation, or processing the personal data in preparation for identity theft.