Major hospitals hit by cyberattacks patient data sold on hacker forums

p 05102025   0833 GMT0700ppppAt a recent seminar on the needs and organization of cybersecurity training in Vietnam hosted by the Hanoi National University experts noted that the use of cyberspace for criminal activities has increased in both the number of cases their nature and severity and carried out through sophisticated methods and tactics resulting in victims losing vast sums of moneyppCybercriminals target key agencies and organizations including those in healthcare Reports showed that cyberattacks to healthcare systems occurred at An Giang central general hospital where the virtualized server system was hit by hackers encrypting all data and halting operationsppIn March 2024 foreign virtual IP addresses attacked the online appointment booking website of HCMC Heart Hospital forcing the hospital to shut down the system for repairs and switch to a backupppAccording to information from cybercrime forums in June 2024 hackers advertised for sale the details of 112000 patient and medical staff records from Hong Ngoc General Hospital including names contact information medical records and financial details ppMeanwhile the University of Medicine and Pharmacy HCMC Hospital had personnel information and lists of over 50 servers exposed onlineppIn October 2024 cybercriminals attacked the IT system of Duc Giang General Hospital encrypting nine servers and causing major data loss and system paralysisppIn January 2025 the hospital information system HIS at the Ondemand and International Treatment Center of Hue Central Hospital was compromised with over 500gb of data encrypted and a ransom demanded for decryptionppExperts emphasized that these risks stem not only from external threats but also from the limited cybersecurity awareness among medical personnelppMany medical facilities have not fully implemented information security measures as required including management and technical safeguardsppSenior Lieutenant Colonel Le Xuan Thuy director of the National Cybersecurity Center A05 under the Ministry of Public Security said that recently a hospital in Vietnam had to seek help after being attacked by hackers who threatened to publicly release patient data and medical histories on the internetppNo patient wants their private life exposed online This directly impacts the community The issue is not that hospitals dont see the risks but there are no legal regulations compelling them to address them properly Thuy saidppAccording to Thuy in the first six months of 2025 there was a surge in ransomware attacks targeting systems in the energy sector healthcare government agencies and recently even press and information agenciesppHe believes that developing the national standard on cybersecurity TCVN 144232025 is a core step in state management providing both guidance and protection for critical information systemsppStandards are not just for inspection More importantly they guide instruct and help organizations secure their infrastructure Thuy emphasizedppHe noted that many organizations are aware of cybersecurity risks but are confused about where to startppLarge tech enterprises like VNPT and MobiFone can learn from global practices But for businesses and organizations unsure of where to begin a clear standard tailored to Vietnams context is needed as a basis for applicationppWe provide guidelines based on the most secure information but we understand that not every organization can immediately comply with all standards Its like not everyone can run 5km every day for health benefits We hope this standard will help units increase their maturity level and ensure cybersecurity Thuy saidppTCVN 144232025 is the first national standard on cybersecurity developed by the national cybersecurity center to help agencies and organizations comprehensively implement cybersecurity measuresppIn this regard A05 chose to issue it as a standard rather than a regulation meaning it is not mandatory to give organizations and businesses more time to adapt and enhance their infrastructure protection capabilitiesppHowever for entities handling large volumes of personal data with significant community impact Thuy said that mandatory sanctions are necessaryppWhen organizations are classified as having serious or very serious impact levels applying the standards will be mandatory with specific legal documents regulating it Thuy statedppIssuing TCVN 144232025 is not only a technical advancement but also demonstrates the states role in establishing a legal framework enabling agencies and organizations to proactively protect their systems and contribute to safeguarding national sovereignty in cyberspaceppppThai KhangppTopicp