Weak cybersecurity leaves hospitals vulnerable to ransomware attack, data leaks

The photo shows plastic surgery and dermatology clinics in Seoul on Jan. 28, 2024. [YONHAP]

 
Hospitals and clinics across Korea continue to suffer ransomware attacks and data leaks as weak cybersecurity systems and insider threats expose sensitive medical information. Hospitals remain highly vulnerable, even though medical information requires strict protection. Only a few major hospitals respond effectively when attacks occur, according to medical officials.
 
A hospital in Seoul recently shut down operations after malware infected its electronic medical records. Attackers launched a ransomware assault, then demanded a large amount of Bitcoin in exchange for restoring the system. The hospital paid, and its systems returned to normal.
 

 
Under current medical law, hospitals must report such incidents to the Ministry of Health and Welfare, but the hospital chose not to.
 
Another major hospital recently faced a ransomware attack. The hospital operated a secondary bypass network separate from its main system, and that bypass network lacked security controls. Attackers entered through the bypass, reached internal servers and planted malicious code.
 
It was only when the hackers attempted to deploy the ransomware program that the monitoring system at the Korea Social Security Information Service (SSIS) detected the attempt. SSIS immediately contacted the hospital and advised staff to “pull the LAN cables.” The hospital avoided a major crisis. SSIS, which analyzes server logs and network traffic for the hospital, detected roughly 200 attempted attacks last year and this year.
 
Only 19 of the country’s 35 private general hospitals receive SSIS monitoring services. Among 270 general hospitals, only 20 do so. Out of more than 70,000 local clinics, only five use the service. Many hesitate because the service costs 12 million to 18 million won ($8,100 to $12,000) a year. National university hospitals receive separate cybersecurity support from the Ministry of Education. 
 
3D-printed models of people working on computers and a padlock are seen in front of the displayed words “data leaking” and binary code in this picture illustration created on Feb. 1, 2022. [REUTERS/YONHAP]

 
“Attackers plant the malware code first, launch the ransomware program, then attempt a third attack by planting additional malware to steal internal data such as medical records,” said Lee Sung-hoon, head of the SSIS Medical Information Protection Center. “But multiple rounds of attacks make the third attempt much harder.”
 
Hospitals can recover if they back up their data. But proper backups require storing copies on external drives that remain physically separated from the system, and few hospitals follow this protocol.
 
Stopping internal leaks also remains difficult. In July 2023, the Personal Information Protection Commission found 17 major hospitals leaked the personal data of roughly 180,000 patients. Employees photographed or downloaded patient information and sent it to pharmaceutical companies by email or saved it on USB drives. In some cases, pharmaceutical company employees improperly accessed hospital systems to extract patient files.
 
"Hospitals should encrypt data or require administrator approval for downloads," Lee said. “To do that, hospitals need to install download-blocking devices on every computer, and that requires significant funding.”
 
One major hospital blocks external leaks of key identifiers, restricts the use of portable storage devices, encrypts critical documents through digital rights management (DRM) and monitors abnormal access to personal data. It also receives SSIS monitoring services. Even so, hospital officials said they remain concerned.  
 
The photo shows a plastic surgery clinic in Seoul on Jan. 28, 2024. [YONHAP]

 
A Korean Hospital Association official said the group trains and guides member hospitals as a self-regulating body under data protection law. “When incidents such as the Coupang case occur, we conduct inspections focused on hospitals,” the official said.
 
"We cannot completely block access to data, so we tell employees not to store information on USB drives," a staff member at a general hospital said. "But if someone determined wants to get in from outside, they will succeed." 
 
The Coupang data leak exposed the personal information of some 33.7 million customer accounts after the company detected unauthorized access on Nov. 18, possibly by a former employee.
 
Concerns continue to grow at plastic surgery and dermatology clinics, where records often contain especially sensitive details.
 
In 2021, a well-known plastic surgery clinic in Gangnam District, southern Seoul, suffered a ransomware attack that leaked patient information. Hackers stole pre- and post-surgery photos and medical records, then threatened patients directly. 
 
A Coupang logo is seen in this illustration taken on Feb. 11. [REUTERS/YONHAP]

 
Clinics say they have few options. 
 
"No one would target a small clinic like ours," a dermatologist in Gyeonggi said. "We do not use security software, and we are not required to. We would be helpless." 
 
The director of a plastic surgery clinic in Seoul also expressed concerns. 
 
“Setting a password on the main computer is our entire security system,” the director said. 
 
A doctor at a dermatology clinic in Seoul said most of their patients rely on private-pay procedures, which they believe offers some protection, but added, “If someone intends to breach the system, nothing stops them.” 
 
Lee said strengthening oversight may help. 
 
"We could include a requirement to use our monitoring service as part of the criteria for designating tertiary hospitals," Lee said. "SSIS plans to develop monitoring systems tailored for smaller hospitals and clinics."


This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY SHIN SUNG-SIK, RHEE ESTHER AND CHAE HYE-SEON [paik.jihwan@joongang.co.kr]
