Ransomware plagued South Korean hospitals for the past three years

By Kuksung Nam, The Readable
Sep. 14, 2023 9:33PM GMT+9

Ransomware has overwhelmingly dominated attacks against South Korean medical institutions, accounting for more than 90% of all cyber assaults on hospitals over the past three years.

In a press release issued on Thursday, South Korean lawmaker Kim Young-joo revealed that 74 healthcare centers fell victim to cyberattacks between February 2020 and July 2023. The disclosure is based on documents submitted by four government bodies: the Ministry of Health and Welfare, the Ministry of Education, the Korea Social Security Information Service (SSiS), and the Korea Internet & Security Agency (KISA).

Of the total incidents, 68 were identified as ransomware attacks, in which cybercriminals encrypt a victim’s computer network and demand a ransom for its release. Just last month, the Ewha Woman’s University Medical Center fell prey to such an attack, with cybercriminals compromising three of its servers and making off with patients’ personal information, according to the lawmaker. Despite efforts to assess the full scope of the damage, the hospital has not provided further details, the lawmaker’s office noted.

According to the documents, cybercriminals targeted not just the hospital computer systems but medical devices as well. Last November, Chung-ang University Hospital fell victim to a ransomware attack that affected some of its medical equipment. Notably, the hospital is one of 45 medical institutions designated by the Ministry of Health and Welfare to provide highly specialized care for severe illnesses.

Beyond the pervasive ransomware assaults, there have also been two instances of distributed denial-of-service (DDoS) attacks over the past three years. Wonkwang University Hospital, another institution designated as a tertiary healthcare center alongside Chung-ang University Hospital, faced a DDoS threat in September 2020.

The lawmaker is gearing up to introduce a legislative amendment that would require general hospitals, defined as healthcare centers with more than 100 beds, to enroll in government-run cybersecurity services. Although the SSiS launched a healthcare information sharing and analysis center in 2018 to bolster security for private institutions, only 19 out of a total of 267 hospitals had opted into the government’s service as of last month.

“We install protection solutions on our computers to secure ourselves from various viruses. However, we could say that there are practically no such things on our medical servers and devices,” explained a secretary of the lawmaker’s office to The Readable. “To protect medical institutions from hacking attacks and ransomware, it is especially crucial to have security controls.”


The cover image of this article was designed by Areum Hwang.


Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.