Taiwan Announces Measures to Protect Hospitals from Hackers
August 15 (CNA) - The Ministry of Digital Affairs (MODA) has announced a series of measures aimed at strengthening the cybersecurity resilience of Taiwan's medical sector, following a string of cyberattacks on at least two hospitals earlier this year.
The announcement was made by MODA Deputy Minister Lin Yi-jing, who expressed concerns about the potential risks posed by ransomware attacks on hospitals. "Under [ransomware] attacks, we are concerned that hospitals could be paralyzed, posing a major risk to Taiwan, and that personal data within them could also be leaked," he said at a news conference in Taipei.
Measures Implemented to Enhance Cybersecurity
In an effort to address these challenges, Lin stated that MODA and the Ministry of Health and Welfare (MOHW) have joined forces to improve cybersecurity in hospitals, which are considered critical infrastructure. Four key measures will be implemented to help hospitals defend against cyberattacks:
- Cyber defense drills
- Talent development
- Institutional guidance
- Enhanced inspections
Tsai Fu-longe, director-general of MODA's Administration for Cyber Security, highlighted one of the drills scheduled for the end of 2025, which will invite domestic and foreign white-hat hackers to participate. This exercise aims to strengthen hospitals' ability to implement protective measures and file reports when facing cyberattacks.
Improving Cooperation and Technical Capabilities
"In the past, hospitals may have handled defense on their own, but such drills can foster closer cooperation between them and help enhance their technical capabilities," said Tsai. The exercise will involve eleven hospitals working together to counter attacks.
According to Lee Chien-chang, head of MOHW's Department of Information Management, the resilience of Taiwan's medical sector has improved following a series of attacks by "CrazyHunter" earlier this year. The "CrazyHunter" attack crippled the computer systems of Taipei's MacKay Memorial Hospital in February and Changhua Christian Hospital (CCH) in March.
Guidelines for Responding to Ransomware Attacks
The MOHW issued guidelines for hospitals on responding to ransomware attacks in March. "Such response guidelines are almost unheard of in other countries," noted Lee.
"Cybersecurity staff will know what to do at any point after an attack, including what actions to take within 24, 48 and 72 hours – starting with containing the damage, identifying the malware and quickly restoring systems."
Endpoint Detection and Response (EDR) Installed in Medical Centers
All medical centers in Taiwan have now installed Endpoint Detection and Response (EDR), a cybersecurity tool that was absent in most hospitals before the two attacks. This helped some computers at MacKay avoid compromise during the February incident.
Speculation Over Support from Chinese Authorities
In April, the Criminal Investigation Bureau (CIB) revealed that "Crazyhunter" is the alias of a 20-year-old employee of a cybersecurity company in Zhejiang Province, China. This has prompted speculation over whether Lo was supported by Chinese authorities to launch the attack.
"We cannot speculate, but on the surface it is clear that there was indeed a specific commercial ransom demand," said Lee in response to media questions.
Preparedness for Future Attacks
"Taiwan's medical sector is now prepared to withstand an attack by hackers backed by Chinese authorities, but we cannot assume our defenses are impenetrable and that such incidents will not happen again," said Lee. The focus is on building resilience so that if an attack breaches the system, operations can be restored immediately.