2 Tokyo hospitals alerted of possible cyber-attacks

The Yomiuri Shimbun
Tokyo Metropolitan Bokuto Hospital, which was alerted of a possible cyber-attack by the metropolitan government

The Tokyo metropolitan government conveyed an urgent warning in early December to two major hospitals after learning that an international hacker group was preparing to target them.

No damage has been confirmed at present. Many cyber-attacks on hospitals go after small and midsize facilities in regional areas, but this has shown that large hospitals in the capital are also targets.

According to the Office of the Metropolitan Hospital Management and other sources, Bokuto Hospital in Sumida Ward and Matsuzawa Hospital in Setagaya Ward were identified as the targets. Both are run by the metropolitan government.

After being alerted by the Medical ISAC Japan, an incorporated association in Tokyo that promotes cyber safety measures in the medical field, the office called on the hospitals to tighten security. They were urged to implement measures to protect devices that have been identified as vulnerable by the central government, as well as to exercise caution regarding suspicious emails.

The hospitals instructed their staff to take such precautions.

Bokuto Hospital is a large facility with 765 beds and one of the four advanced emergency centers in Tokyo. Matsuzawa Hospital is one of the largest psychiatric hospitals in Japan.

According to sources close to the Medical ISAC, the planned attacks were detected by an overseas security company that monitors the movements of international hacker groups. The company confirmed that the two hospitals had been mentioned by name in a chat room used by hackers and others, and that the email addresses of many employees at several metropolitan hospitals had been also posted there.

This prompted the security company to contact the Medical ISAC, which in turn alerted the metropolitan government.

The Yomiuri Shimbun has learned that since 2016, at least 11 hospitals in 11 prefectures were hit by cyber-attacks using ransomware, a type of malware that encrypts electronic medical records and CT data and then demands a ransom to make them accessible again.

Such cyber-attacks usually involve the following steps: planning, network invasion, data theft, data encryption and a ransom demand. The email addresses posted in the chat room could be used to send messages containing malware.

The cyber-attacks on the two Tokyo hospitals are believed to have been in the planning stage.