HK Health Dept suffers cyber attack

Three computers hit by ransomware, leaving data inaccessible; police find no info leaked

Hong Kong's Department of Health has fallen prey to a cyber attack, although it was less severe than that carried out against Singapore's largest healthcare group two weeks ago.

In a statement sent yesterday, a spokesman for the Department of Health said three of its computers belonging to the department's Infection Control Branch, Clinical Genetic Service and Drug Office were hit by ransomware, which left data inaccessible.

The cyberbreach took place over a period of two weeks from July 15, and the department has reported the incidents to the Office of the Government Chief Information Officer as well as the police.

"Files stored on the computers were encrypted by ransomware and an e-mail address to contact for a decryption key was left behind but no ransom was demanded," the spokesman said.

She added that the police had launched an investigation and preliminary findings showed that the computers did not contain confidential personal data and that no information was leaked.

"The department and the Office of the Government Chief Information Officer (OGCIO) will follow up on the results of the investigations and decide on ways to improve cyber-security measures," the spokesman said.

The department has alerted its staff to follow safety precautions, including avoiding websites that are not secure, and not using devices not screened for viruses.

An OGCIO spokesman said the Hong Kong government was now beefing up its ability to guard against cyberthreats.

The steps being taken included advanced skills training, the deploying of new tools and technologies, migrating Web servers to the government's central facility and sharing relevant cyber-risk information.

The increasing number of cyber attacks on healthcare organisations reflects the vulnerability of their infrastructure and the value of the data in their systems, said Mr Sanjay Aurora, Asia-Pacific managing director at cyber-security firm Darktrace.

He added that many healthcare organisations and hospitals were now employing artificial intelligence to tackle the problem. There have been a number of cyber attacks in recent weeks in the region.

On July 20, the Singapore Government said the personal particulars of 1.5 million patients in SingHealth were compromised in the Republic's worst cyber attack. The outpatient prescriptions of 160,000 people, including Singapore Prime Minister Lee Hsien Loong and a few ministers, were also breached.

In Thailand, cyber-security experts have urged the government to strengthen legal safeguards against data leaks after the computer systems of two major Thai banks were hacked recently.

The Bank of Thailand said on Wednesday that the computer systems of Kasikornbank and Krungthai Bank had been compromised, affecting the security of the personal and corporate data of more than 120,000 customers.

Two local travel agencies in Hong Kong - Goldjoy Holidays and Big Line Holiday - were hacked in January for clients' details in exchange for ransom. A 30-year-old suspect was later arrested.

In November last year, one of Hong Kong's largest travel agencies, WWPKG Holdings, had its customer database breached, affecting some 200,000 customers.

A version of this article appeared in the print edition of The Straits Times on August 04, 2018, with the headline 'HK Health Dept suffers cyber attack'. Print Edition | Subscribe