Hospitals under ransomware siege! How should hospitals respond when hackers knock?

Ransomware Devastates Hospitals, Sounding a New Alarm for Healthcare Cybersecurity

In March this year, Mackay Memorial Hospital and Changhua Christian Hospital were hit by the CrazyHunter ransomware. The attacks disrupted registration systems, halted medical services, and allegedly led to the theft of tens of millions of personal records that were later sold online. Investigations revealed that the attackers infiltrated via Active Directory (AD), exploiting weak passwords to gain account privileges, and then launched large-scale ransomware encryption attacks through Group Policy Object (GPO) deployment. The incident drew widespread concern, prompting Taiwan’s Ministry of Health and Welfare (MOHW) to issue “Guidelines for Hospitals Responding to Ransomware Attacks” and work with the National Information & Communication Security Taskforce (NICS) to strengthen healthcare cybersecurity inspections. With ransomware threats escalating, the pressing question remains: Is the healthcare system truly prepared, and how can it build a more resilient cybersecurity defense?

Why Are Healthcare Institutions Prime Targets? 4 Key Cybersecurity Challenges

Analysis of these hospital ransomware incidents revealed several weaknesses: lack of secure login authentication, insufficient backup mechanisms, and the fact that attackers deliberately chose long weekends or holidays when defenses were relatively weak. With ongoing digital transformation and massive volumes of sensitive patient data, hospitals now face four major cybersecurity challenges:

  1. Burden from attacks and system maintenance
  2. Intra-hospital file access permission control
  3. External file exchange risks
  4. Cybersecurity evaluation requirements

According to Check Point’s 2024 Cybersecurity Report, Taiwanese organizations experience cyberattacks at a severity far exceeding the global average. In the past six months alone, each organization in Taiwan was attacked an average of 2,930 times per week—2.7 times higher than the global average of 1,089. Moreover, ransomware attacks have shifted from indiscriminate mass attacks to targeting high-value industries. With hospitals holding vast amounts of sensitive personal and medical data, healthcare is now a top target for cybercriminals.

OmniStor Data Security Platform: Building the Strongest Cyber Defense for Hospitals

ASUS OmniStor Data Security Management Platform, built on zero-trust principles, provides a unified storage platform that consolidates data across hospital branches. It enables secure and well-controlled file exchange mechanisms. In the face of rampant ransomware attacks, OmniStor delivers robust data protection, prevents ransomware threats, supports rapid data recovery, and enhances healthcare digital resilience to meet cybersecurity accreditation standards. Key highlights include:

  1. Replacing Traditional NAS with Safer Alternatives
  2. Granular Access Controls and Secure Authentication Mechanisms
  3. Secure Data Exchange & Protection
  4. Comprehensive Admin Console with Behavioral Monitoring

Furthermore, under Taiwan’s Regulations for the Production and Management of Electronic Medical Records, hospitals are required to retain electronic medical records for at least five years. With data volumes rapidly increasing and backup needs growing, traditional file servers often face heavy loads, making maintenance and expansion difficult. OmniStor supports cloud backup for HIS (Hospital Information System) data, ensuring high-security hybrid cloud synchronization and compliance with healthcare regulations.

MOHW’s Ransomware Response Guidelines: OmniStor as Your Trusted Safeguard

Following the incidents, the Ministry of Health and Welfare’s Information Division quickly published the “Hospital Ransomware Response Guidelines,” providing a unified standard operating procedure (SOP) for hospitals nationwide to respond quickly and effectively to potential future attacks.

As ransomware attacks become more rampant, the healthcare sector needs a comprehensive and reliable data protection strategy—one that not only strengthens defense but also enforces zero-trust access control during file exchange and access, while ensuring rapid recovery at critical moments to maintain uninterrupted medical services. OmniStor is committed to helping healthcare institutions build a modernized data security architecture that fully complies with healthcare regulations. By providing end-to-end protection—before, during, and after an incident—OmniStor enables hospitals to establish a truly resilient cybersecurity defense.

Want to learn more about the OmniStor Data Security Management Platform? Visit https://www.asuscloud.com/omnistor/
