10% of hospitals have cybersecurity vulnerabilities

The Yomiuri Shimbun

About 10% of hospitals have continued using equipment that has been identified as vulnerable to cyber-attacks after being warned of the risks, according to a nationwide survey.

The lack of action being taken is highlighted amid several cases of system outages at hospitals due to malicious software dubbed ransomware.

The survey, which was conducted by an organization comprising hospital associations and Medical ISAC Japan, was distributed among 5,596 hospitals belonging to the associations from Jan. 31.

An interim report was compiled based on the 476 responses that had been received by Feb. 10.

About 40% of the respondents had been warned by the government of vulnerabilities to their virtual private networks, which are used to access systems remotely. Of these hospitals, 24% had not subsequently implemented cybersecurity measures.

About 10% of the hospitals were at high risk of being targeted by cyber-attacks.

Some 90% of institutions said they felt threatened by cyber-attacks, but almost half said their budgets for cybersecurity measures were insufficient, at 46%, which appears to indicate a lack of urgency.

Several targeted hospitals were unable to access electronic medical data on its backup system, which was accessible on the internet, for a while after an attack.

According to the survey, 98% of the hospitals had backup systems, but only 47% stored the data offline, separate from their main networks.

Since late January, the Health, Labor and Welfare Ministry has also been surveying hospitals across the country about the use of vulnerable devices and backups.

Based on the results of the survey, it will urge institutions to improve their systems.