Anti-malware disabled during cyberattack at Handa Hospital

The cyberattack on a hospital in Tokushima Prefecture in October happened after a company disabled antivirus software on the hospital’s computers, according to a report published on June 7.

The report indicates that the company was involved in the provision of an electronic medical record system for Handa Hospital in Tsurugi, Tokushima Prefecture.

The hospital, run by the Tsurugi city government, was forced to suspend some of its operations for about two months after falling victim to a ransomware attack.

The report was written by a group of experts established within the hospital.

The report said that before the cyberattack, the company had configured the Windows settings of computers connected to the electronic medical records system to disable features including anti-virus software and regular Windows updates.

These computers were among approximately 200 computers used at the hospital.

The company said it did so because those features would have made the electronic medical record system unstable if they hadn’t been disabled.

The report criticized the company, saying that it “prioritizes the operation of the electronic medical records system over protecting computer security.”

After the June 7 city assembly meeting at which the report was presented, Yasushi Suto, a physician and hospital administrator, told reporters, “The company did not inform us at all (about the deactivation of these functions).”

When regular Windows updates identify a security flaw on a computer, a program is sent to fix the problem.

However, the report points out that Windows was never updated on the hospital’s computers.

The report said, “Every vulnerability existed in these computers.”

The report also pointed out that a virtual private network (VPN) device that other companies had set up at the hospital for maintaining the electronic medical record system had never been updated.

A VPN allows users to connect to a private network within an organization separate from the Internet.

Between the installation of the device at the hospital in 2019 and the cyberattack in October 2021, a series of cyberattacks on VPN devices occurred around the world after cybercriminals detected flaws in these devices that allowed unauthorized intrusions.

Due to this history, experts concluded that the cybercriminals exploited flaws in the hospital’s VPN device and gained unauthorized access so that the ransomware could infect the hospital’s system, according to the report.

As a result of the cyberattack, the hospital’s electronic medical record data was encrypted.

The hospital was forced to suspend accepting emergency room patients or new patients, and had to use paper medical records.

The report noted that a single manager was overseeing the hospital’s IT system when the cyberattack occurred.

This meant that the manager could not afford to spend the time and effort to protect the security of the computer system, according to the report.

Therefore, the report said it was understandable that the incident happened.

The report also criticized companies working for the hospital, saying they were not fulfilling their responsibilities. For example, it said that they did not notify the hospital of a VPN device update program, even though they were aware of it.

However, the malware attack on Handa Hospital was not unique to it.

A man working for a medical information systems company in Tokyo said: “Hospitals were using closed telecommunications networks separate from the internet. They often turned off automatic program updates to deter any potential issues.”

However, hospital networks are now increasingly using equipment such as VPN devices, which allow people to connect to them from outside hospitals.

Therefore, experts warn against overconfidence in the security of hospital networks.

Takayuki Sugiura, security strategist at the Digital Agency, said: “Networks are not closed if they are accessible from the outside world. However, many people working in medical services mistakenly believe that their networks are closed.”

(This article was written by Tatsuya Sudo, Senior Writer, and Takaaki Fujino.)
