Goal and Performance Highlights

No patient data breaches reported annually

Supporting the SDGs

Goal 9: Industry, innovation and infrastructure
Goal 16: Peace, justice and strong institutions

Stakeholders Directly Impacted

Employees
Customers/Patients
Suppliers
Competitors

Challenges and Opportunities

In the digital era, where technology plays a crucial role in healthcare services, Sikarin Public Company Limited recognizes the critical importance of cybersecurity and patient data protection as key elements in maintaining medical service standards and building trust with patients.

Operating in today’s healthcare sector presents increasingly complex cyber challenges, including threats from cyberattacks, unauthorized data access, and data leaks—factors that can affect the Company’s reputation and undermine patient confidence. The Company therefore prioritizes maintaining a balance between leveraging digital technologies to enhance service efficiency and strengthening cybersecurity systems to adapt to evolving technologies and regulations. The Company strictly adheres to relevant laws and international standards on data security, such as Thailand’s Personal Data Protection Act (PDPA) and ISO 27001, thereby minimizing legal risks while developing best practices to manage data effectively. Beyond risk mitigation, the Company also views this as an opportunity to raise cybersecurity standards through strategic investments in data protection technologies, cybersecurity infrastructure, and employee cybersecurity awareness. These efforts not only safeguard patient data but also support Sikarin’s competitive edge and long-term goal of becoming a trusted healthcare provider committed to the highest standards of data security.

Management Approach and Value Creation

Sikarin Public Company Limited is committed to conducting its business with the highest standards of data security to ensure the protection of patients’ medical and personal information, in accordance with international standards and applicable laws. The Company emphasizes cybersecurity through the implementation of comprehensive policies, investment in advanced technologies, employee education and awareness programs, and the development of emergency response plans to proactively manage evolving threats.

Policy and Standards on Data Security

Sikarin has established formal policies and standards for data security, including systematic management of cybersecurity risks and controlled access to sensitive information. The Company’s information systems are certified under globally recognized standards such as ISO 27001 and the NIST Cybersecurity Framework, providing assurance that IT operations follow world-class best practices.

Investment in Cyber Threat Prevention Systems

Sikarin places strong emphasis on preventing cyber threats through the deployment of access control systems, automated data backups, and internal data encryption to prevent data loss or leakage. The Company has also implemented intrusion detection and prevention systems (IDPS) and security information and event management systems (SIEM) to enable real-time analysis and alerts for network anomalies. Regular vulnerability assessments and penetration testing (VAPT) are conducted annually to ensure that systems are secure and resilient against cyberattacks.

Fostering a Cybersecurity Culture

Beyond infrastructure, the Company is equally committed to building a strong organizational culture of cybersecurity. Training programs are conducted for employees at all levels to raise awareness and enhance practical skills in cybersecurity, such as secure password creation, phishing prevention, and safe internet usage. Simulated phishing scenarios are also used to test and strengthen employee response capabilities. Additionally, IT personnel are encouraged to attend specialized cybersecurity training courses such as ISO 27001, NIST, and CIS Controls, ensuring the internal team is fully equipped to manage and oversee the security system effectively.

Development of Emergency Response Plans

Sikarin has developed a formal Incident Response Plan (IRP) and Business Continuity Plan (BCP) to ensure uninterrupted operations during cyber incidents. These plans outline procedures for recovering data from unforeseen events such as ransomware attacks, network outages, or natural disasters that may impact medical services. The Company has also established a Disaster Recovery Site to safeguard critical data and ensure fast restoration in the event of unexpected disruptions.

Towards a Secure and Sustainable Future

With comprehensive measures across technology, policy, and people, Sikarin Public Company Limited is committed to elevating its cybersecurity standards to stay ahead of evolving threats.

The Company aims to protect patient data, strengthen service user confidence, and drive stable, sustainable growth in the digital era.