Hong Kong's health department computers hit by ransomware planted by hackers

A participant at the Def Con hacker convention in Las Vegas on July 29, 2017.
A participant at the Def Con hacker convention in Las Vegas on July 29, 2017.PHOTO: REUTERS

HONG KONG - Hong Kong's Department of Health has fallen prey to a cyber attack, although it was less severe than that carried out against Singapore's largest healthcare group two weeks ago.

In a statement sent on Friday (Aug 3), a spokesman for the Department of Health said three of its computers belonging to the department's Infection Control Branch, Clinical Genetic Service and Drug Office were hit by ransomware, which left data inaccessible.

The cyber breach took place over a period of two weeks from July 15, and the department has reported the incidents to the Office of the Government Chief Information Officer as well as the police.

"Files stored on the computers were encrypted by ransomware and an e-mail address to contact for a decryption key was left behind but no ransom was demanded," the spokesman said.

She added that the police had launched an investigation and preliminary findings showed that the computers did not contain confidential personal data and that no information was leaked.

"The department and the Office of the Government Chief Information Officer (OGCIO) will follow up on the results of the investigations and decide on ways to improve cyber-security measures," the spokesman said.

The department has alerted its staff to follow safety precautions, including avoiding surfing unsecure websites and using devices not screened for viruses.

An OGCIO spokesman said the Hong Kong government was now beefing up its ability to guard against cyber threats. The steps being taken included advanced skills training, the deploying of new tools and technologies, migrating web servers to the government's central facility and sharing relevant cyber risk information.

The increasing number of cyber attacks on healthcare organisations reflects the vulnerability of their infrastructure and value of the data in their systems, said Mr Sanjay Aurora, Asia Pacific managing director at cyber-security firm Darktrace.

"More worryingly perhaps, a proportion of attackers are seeking to cause longer-term, systemic damage by compromising data. Imagine medical data, such as blood results, being changed, and the trust of citizens in their nation's infrastructure and critical services being eroded," he said.

Cyber attacks happen every day around the world and the growing number of entry points into a network have made it more difficult to stop would-be attackers from getting into the infrastructure.

Many healthcare organisations and hospitals are now employing artificial intelligence to tackle the problem as it has the ability to respond in real time to emerging threats and respond autonomously, whether it's a ransomware attack that unfolds in seconds or a slow and stealthy employee leaking information, added Mr Aurora.

There have been a number of cyber attacks in recent weeks in the region.

On July 20, the Singapore Government said the personal particulars of 1.5 million patients in SingHealth were compromised in the Republic's worst cyber attack. The outpatient prescriptions of 160,000 people, including Singapore Prime Minister Lee Hsien Loong and a few ministers, were also breached.

SingHealth consists of four hospitals, five national speciality centres and eight polyclinics.

In Thailand, cyber-security experts have urged the government to strengthen legal safeguards against data leaks after the computer systems of two major Thai banks were hacked recently.

The Bank of Thailand said on Wednesday that the computer systems of Kasikornbank and Krungthai Bank had been compromised, affecting the security of the personal and corporate data of more than 120,000 customers.

There have also been other cyber incidents in Hong Kong. Two local travel agencies, Goldjoy Holidays and Big Line Holiday, were hacked in January for clients' details in exchange for ransom. A 30-year-old suspect was later arrested.

In November last year, one of Hong Kong's largest travel agencies, WWPKG Holdings, had its customer database breached, affecting some 200,000 customers.