Hacking attempts at medical institutions soar due to supervisory loopholes

Constance Williams  Published 2017.10.10  15:56  Updated 2017.10.10 15:56


Amid increasing damages caused by hacking attacks worldwide, the Ministry of Health and Welfare보건복지부 has come under fire for its insufficient hacking defense and operational supervision.

According to data submitted to Rep. Kwon Mi-hyeok권미혁 of the ruling Democratic Party by the Korea Internet & Security Agency한국인터넷진흥원 (KISA), there have been 13 cases of hacking to clinics since 2013.

Medical institutions are not obliged to report to the ministry, and the agency in the event of hackings, meaning actual damages are greater than known.

Rep. Kwon, a legislator belonging to the National Assembly’s Health-Welfare Committee, has criticized the government ministry for not taking sufficient measures, including the provision of hacking-related education for related organizations under its wing.

The United States had 21 percent of the hacking attacks on core infrastructures was directed at medical institutions in 2015, or about 1,000 hacking attacks per day. Last year, the number quadrupled to 4,000.

The U.S. Department of Health and Human Services issued the Ransomware and HIPPA Guidelines to prevent hacking and distribute them to hospitals while amending the guidelines and having them report hacking attacks to the department.

On the other hand, the handbook distributed by the ministry to medical institutions last year is divided into the part for hospitals (147 pages) and doctors (30pp), and is mostly composed of contents related to the protection of information, while those about countermeasures for hacking damage are excluded, Kwon pointed out.

Most of the medical institutions that reported to KISA were exposed to the risk of actual hacking, but the guidelines were relatively poor, she added.

Kwon pointed out that while the U.S. government distributes manuals for hacking related to Ransomware separately to medical institutions so that the latter can respond to accidents at the frontlines, it is difficult for Korean organizations to respond to hacking by themselves.

"Even though hacking cases of medical institutions such as the seizing the computer network of university hospitals by North Korea in 2015, personal hacking of hospital information last year and breaking into couple-app bank accounts, the ministry has not responded sufficiently,” Kwon said.

It is necessary for the ministry to work out a guidebook containing tips on hacking prevention and response such as Ransomware, and to improve the system to report the situation and confirm damages, she added.

<© KBR , All rights reserved.>