North Korean hackers behind major hospital data theft, probe finds

By Kuksung Nam, The Readable
May 11, 2023 7:30PM GMT+9

A North Korean hacking group is responsible for a data breach that affected almost 830,000 individuals, including patients and employees of one of South Korea’s major hospitals two years ago, according to the South Korean police on Wednesday.

In a press release, the Korean National Police Agency stated that the North Korean hacking group had infiltrated the internal network of the Seoul National University Hospital in 2021 and exfiltrated the personal information of 810,000 patients and 17,000 former and current employees. According to the police, the hackers had gained access to private data such as names, dates of births, and in some cases, medical records of patients.

“Based on the evidence and the data extracted, we assume that the hackers breached the hospital to gain access to the medical information of prominent figures,” said an official of the Korean National Police Agency, who is closely involved in the matter, to The Readable. The official did not disclose additional information about the targeted individuals.

Furthermore, the South Korean police explained that they concluded that the culprits were North Korean hackers due to various details, including the use of the North Korean dialect. In the words of the official, the hacking group created an account inside the hospital’s internal network and set a password with a combination of different characters, including a bundle of Korean letters typed on an English keyboard. When correctly read, these letters show a North Korean word that means “do not mess with me.”

The Korean National Police Agency stated that they cannot exclude the possibility that the breach was conducted by the North Korean state sponsored hacking group Kimsuky. According to the United States Cybersecurity and Infrastructure Security Agency (CISA), Kimsuky is a hacking group whose mission is to gather international intelligence for the North Korean regime. Last March, the South Korean intelligence agency and its German counterpart issued a joint alert and publicly warned of the hacking techniques used by the North Korean cybercriminal group.

nam@thereadable.co

The cover image of this article was designed by Areum Hwang.


Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.