Hospitals in Japan have been the targets of cyberattacks.
The attacks have kept them from accessing patients' medical charts or forced them to stop providing medical treatment. The rapid promotion of networking in hospitals has heightened their vulnerability, and delay in responding to the attacks is also seen as worsening the damage.
On May 31, a warning message suddenly appeared on computers at Higashiosaka City Medical Center in Higashi-Osaka, Osaka Prefecture. Written in English, it said that the hospital's files had been encrypted , and urged the hospital to access a certain site if it wanted the files to be decrypted.
As a result of the attack, doctors were unable to access images taken by computed tomography (CT) devices, X-ray machines, endoscopes and other medical equipment. Nor could they save newly taken images. The hospital had to stop taking outpatients and could not treat some people who made reservations for two days.
The hospital had been struck by a type of malware called ransomware that uses encryption to lock up the victim's computer system. Such attackers demand that ransom is paid to restore access.
The hospital's image server was infected via the internet, and a large number of diagnostic images were encrypted. The city's core hospital, which is accepting COVID-19 patients, refused to comply with the attacker's demand, and it has been unable to access tens of thousands of images even after the system became available.
"We were naive about cyberattacks," the hospital's deputy director general said. "We will take thorough security measures."
Cyberattacks on medical institution came to light around 2018. In October of that year, a municipal hospital in Uda, Nara Prefecture, was infected with ransomware that kept the hospital from accessing the medical charts of more than 1,000 patients.
And at the end of last year, Fukushima Medical University Hospital announced that its CT system had a temporary glitch.
Ransomware attacks on infrastructure have become rampant around the world in recent years. In May, a U.S. oil pipeline shut down for five days due to such an attack, causing a gasoline shortage. At some overseas medical institutions, systems were completely shut down, forcing patients to postpone surgeries or to be transferred to other hospitals. That type of attack seems to now have spread to medical institutions in Japan.
In 2005, the Health, Labor and Welfare Ministry drew up guidelines on cybersecurity for medical institutions and urged them to devise countermeasures.
"It's difficult to deal with cybercrime as the attackers are constantly updating their tricks," a ministry official said.
-- 75% are unprepared
Today, medical devices and systems have become networked inside and outside hospitals so rapidly that a sense of crisis toward cybercrime has not yet fully spread within hospitals, experts said.
The Japan Medical Association Research Institute conducted a survey in January and February and found that nearly 80% of the about 3,000 medical institutions that responded had introduced systems to digitally store diagnostic images, most of which were connected to networks inside and outside hospitals. Meanwhile, 48% said they did not have a budget for cybersecurity, and 75% had no procedures to counter unauthorized accesses.
The National Police Agency said suspicious online connections, believed to be cyberattacks, have been increasing year by year, with a record 6,506 of them a day on average last year.
Read more from The Japan News at https://japannews.yomiuri.co.jp/
