Raise awareness of cyber-attacks on hospitals, other vital facilities

The number of cyber-attacks on medical institutions is increasing in Japan and around the world. There have been cases in which surgeries and other operations had to be canceled because images and data could not be used. This is a serious situation that cannot be left unattended.

The damage to medical institutions in Japan began to surface around 2018. Many of the cases were caused by ransomware, a type of malware that encrypts data to make it unusable and money is demanded in exchange for restoring the data.

At a hospital in Osaka Prefecture, a large number of diagnostic images were encrypted, rendering tens of thousands of them unreadable because the hospital did not respond to the perpetrator’s demands. At a hospital in Nara Prefecture, the medical records of more than 1,000 patients could not be accessed.

Much of the data used by medical institutions is life-related. There is also a concern that patients’ personal information may be leaked. There is a high risk that they will continue to be targeted in the future, and measures must be implemented as soon as possible.

Overseas, ransomware has already caused serious damage. At a hospital in Melbourne, the information system was shut down, and some patients’ surgeries were postponed. A hospital in San Diego also had its system shut down, so patients with serious illnesses were transferred to nearby hospitals.

Some hospitals became unable to use their electronic medical record systems and had to pay the requested ransom to restore access.

Medical institutions are rapidly networking their equipment and medical records. Ransomware methods are becoming more malicious, such as using double extortion through which perpetrators not only threaten not to decrypt the data, but also threaten to publicly release it unless they are paid. First, it is important to share an awareness of the crisis on the part of hospitals.

If medical services are stopped, the impact on the local community will be significant. In addition to taking measures to prevent attacks, it would be effective to take other measures such as backing up important data. The public administration side should also consider support measures such as dispatching personnel with expertise in information management to various locations.

In response to attacks, criminal groups should be identified through thorough investigations. Doing so will help to deter attacks.

Many of the attacks seem to be originating from overseas. In the government’s draft of the Cybersecurity Strategy for the next three years, China, Russia and North Korea were named for the first time as countries that are carrying out attacks.

In addition to creating a cyber investigation unit in the National Police Agency, the government said it will also strengthen cooperation with the United States among other countries.

The threat of cyber-attacks is increasing, and damage at facilities, such as hospitals, directly related to the lives of citizens is becoming more prominent.

The government should enhance its defensive capabilities against cyber-attacks, assuming that not only critical infrastructure and defense-related facilities, but also private companies and facilities of high public interest will be targeted.