South China Morning Post
Advertisement
Advertisement
Crime in Hong Kong
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Union Hospital has said it refused to pay the ransom. Photo: Xiaomei Chen
Hong KongLaw and Crime

Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack

  • Department of Health says initial investigation finds cyberattack on Union Hospital did not lead to any patient data or medical services being compromised
  • Health authorities have also notified law enforcement agencies, including police and city’s privacy commissioner
Crime in Hong Kong
Cannix Yau
Cannix Yau
Why you can trust SCMP
Hong Kong health authorities have told a private hospital it has four weeks to submit a detailed report after it was hit by a malicious cyberattack and refused to pay a US$10 million ransom.

The Department of Health said on Saturday that it was investigating the incident at Union Hospital in Tai Wai, with its initial findings showing the ransomware attack had not compromised any patient data or medical services.

“Our initial understanding is that it did not involve [the release of] patients’ data nor did it affect the service security of the hospital,” it said. “The Department of Health has requested the hospital to hand in a detailed report in four weeks.”

Health authorities said they had also notified law enforcement agencies, including police and the city’s privacy commissioner.

Union Hospital revealed on Thursday that it had fallen prey to the ransomware attack on Monday morning, resulting in some “operational disruptions”.

“In response to the attack, the hospital has activated the emergency response system and stepped up cyber security measures to block further intrusion … Union Hospital condemns any form of cyberattack,” the hospital said.

“A team of cybersecurity experts has been appointed to conduct thorough system inspection and recovery in order to ensure medical service continuity.”

The hospital stressed that its staff had been vigilant over cybersecurity threats and ensured that all patient records were encrypted and password-protected.

“The leakage of patient data is unfounded as of now. An investigation into the attack is in progress,” it said.

Record 73% of Hong Kong companies hit by cyberattacks in past year: watchdog poll

The institution said it had reported the case to the department, the privacy commissioner and police, adding that patients with concerns could contact them at [email protected].

Hackers reportedly used ransomware called “LockBit” to target the hospital and demand the US$10 million ransom, which the latter refused to pay.

Police said they received a report from a hospital employee on Monday over abnormalities in the hospital’s network system including some computer files going missing, but no personal data was involved.

“The hospital is repairing the system and the case has been listed as ‘miscellaneous’ …Police have proactively contacted the hospital to learn more about the incident and provided assistance,” a spokeswoman from the force said.

The case is being investigated and no arrests have been made.

The privacy commissioner’s office advised the hospital to inform all affected parties, while it launched a formal review.

Post