Private information belonging to over 17,000 patients are at risk of exposure on the National Neurology Registry (NNeuR) website, according to the Health Ministry in its preliminary investigation.
The Health Ministry issued the statement after taking note of an earlier report by website Free Malaysia Today about how a scripting error on the NNeuR website may have allowed access to a confidential patient database, which included information such as NRIC, phone numbers and addresses.
The Ministry said it is working with National Cyber Security Agency (Nacsa), Malaysia Communications and Multimedia Commission (MCMC) and Cybersecurity Malaysia for further investigation. It added that it is taking the matter seriously and will not compromise on matters related to protecting patients' private information.
The NNeuR was created in 2008 with the support of the Health Ministry to gather information about stroke and epilepsy in Malaysia. A check by The Star found that the website contained a lot of outdated general information such as contact numbers that are no longer in service and names of staff members who have retired.
This is possibly the second data breach involving the Health Ministry in 2019. In September, Germany-based security firm Greenbone Networks claimed that information on 19,992 radiological reports from Malaysia was freely accessible on computer servers worldwide.
In 2017, The Star reported that 81,309 records from the Malaysian Medical Council, Malaysian Medical Association (MMA) and Malaysian Dental Association were also leaked as part of a massive data breach that involved over 46 million mobile number subscribers.