
One of Thailand’s private hospitals was fined for violating clients’ privacy after their names and diagnoses were found on street food wrappers.
It turned out that instead of disposing of the old documents, they were simply “repurposed” and given to street food vendors to use as wrappers.
The violation first came to light on social media in May 2024, when local blogger Doctor Lab Panda posted a photo of a Khanom Tokyo street snack wrapped in what had once been a medical certificate or report — with the names of clients, their diagnoses, and the results of laboratory tests.
In this case, the blogger received a meal with the conclusion of a man infected with the hepatitis B virus.
“Should I keep eating, or is this enough?” — asked Doctor Lab Panda in a post that garnered 33,000 reactions and 1,700 comments.
The comments were mostly critical of the hospital, but some users were most concerned about food safety.
“We need to boycott vendors who use such recycled paper. They know it’s dangerous.” — wrote one of the commentators. Another added: “The hepatitis B virus is unlikely to be transmitted through paper. However, we are concerned that the paper has passed through an unknown number of hands, and toxic substances from the printing ink may have contaminated the food.”
A subsequent investigation by Thailand’s Personal Data Protection Committee revealed the leak of more than 1,000 pages of confidential records. On August 1, 2025, the hospital was eventually found guilty of “failing to properly protect and dispose of customer data” and fined 1.21 million baht (about $37,000).
The name of the medical facility was not disclosed, but it is known that it was private and located in Ubon Ratchathani province. The reports specify that the hospital outsourced the disposal services to a small family business that kept the documents at home instead of destroying them. The contractor also received a fine of 16,940 baht ($523) for mishandling personal information.
Earlier, ITC wrote about leakage of personal information of customers of the Pandora jewelry chainas well as the household chemicals manufacturer Clorox, which was hacked with a single call — technical support issued a password and disabled MFA.
Source: Bangkok Post, SCMP
Spelling error report
The following text will be sent to our editors: