Following a series of cyber attacks on medical institutions, the Ministry of Health, Labor and Welfare has revised and published guidelines for security measures for medical institutions.


The revision newly incorporates measures that assume damage from "ransomware," a type of computer virus that encrypts data and makes it unusable.

The Ministry of Health, Labor and Welfare has revised and released its guidelines on information security for medical institutions in light of the fact that cyber attacks on medical institutions are occurring one after another.



The revision treats countermeasures against ransomware, a ransom-demanding computer virus that encrypts data and makes it unusable, as an urgent issue.

Specifically, regarding backups, the guidelines call for increasing the types of media used and the number of times backups are taken so that damage does not spread to the backup data, and for separating the media from the network, etc., and storing it offline.



The guidelines also request that a configuration diagram of the medical system and a list of persons in charge be prepared in advance so that countermeasures can be taken promptly in the event of damage.



In addition, since remote connections with the outside are likely to be an entry point for attacks, the guidelines ask that, when an external contractor performs remote system maintenance, a log (record) always be kept and that the person in charge at the medical institution check it after the work ends.



The Ministry of Health, Labor and Welfare says, "Since the budget for security differs depending on the scale of the medical institution, it is not possible to request the same measures uniformly, but I would like you to combine various measures according to each situation."

Great damage at hospitals hit by cyber attacks

A hospital in Aichi Prefecture that was hit by a ransomware cyber attack in January responded to an interview with NHK and revealed that the attack had a major impact, including restoration costs of tens of millions of yen.



At the Kasugai Rehabilitation Hospital in Kasugai City, Aichi Prefecture, a server that stores electronic medical records was hit by a cyber attack on January 12th.



According to the hospital, after midnight a nurse reported that "the electronic medical record suddenly became unavailable," and when the computer that manages the server was checked, text titled "Congratulations!" in English was displayed on the screen.



The text said in English, "The file was encrypted. If you want to restore it, pay for it." An email address for the other party was also given as a contact.



When the hospital asked an information security company to investigate in detail, it was found that ransomware had been used.



The hospital decided not to accept the request for money, but the attack made it impossible to access the electronic medical records that held the information of about 50,000 patients, and the backup data managed online was also encrypted.



As a result, the medical records of about 250 inpatients had to be handwritten for about a month, and because the medical records of outpatients could not be viewed, each person had to be interviewed. The hospital says this had effects such as delays.



Also, the hospital's accounting system remained unusable for about a month.



Because it is highly likely that a vulnerability in the external connection service called "VPN" was targeted in this cyber attack, the hospital has introduced a new electronic medical record system and is proceeding with recovery. So far this has cost tens of millions of yen, and a full recovery is expected to take more than a month.

Toshitake Okawauchi, general affairs manager of Kasugai Rehabilitation Hospital, said, "I knew that ransomware was causing damage at medical institutions one after another, but I didn't expect our hospital to be attacked. Although the impact on patients was minimized, it was a heavy burden on the hospital and staff. In the future, we want to keep security up to date and strengthen measures, such as storing multiple backups of patient information."

Cyber attacks at medical institutions one after another

Cyber attacks using the ransom-demanding computer virus known as "ransomware" have caused damage to medical institutions one after another.



In 2018, some patients' medical records could not be viewed at the municipal hospital in Uda City, Nara Prefecture, and last year, electronic medical record and accounting system data was encrypted at the municipal hospital in Tsurugi Town, Tokushima Prefecture, which stopped accepting new patients, except for obstetrics, for about two months.

Expert: "Medical institutions take higher measures than general"

Professor Hiroki Takakura of the National Institute of Informatics, who was involved in the revision of the guidelines, commented on the security measures of medical institutions. ".



On top of that, he said, "In the medical field, systems such as medical equipment are intricately linked, and it is often unclear where one will spread when one stops. Refer to the guidelines and start with what to solve. It is necessary to organize everything once and take measures in order."



Regarding data backup, he said, "It is also required to take regular backups even when offline and to store data in a remote location."



In addition, he said that much of the damage is the result of security vulnerabilities in remote connections to the outside, and that "it is important to know who is responsible for managing and operating the remote connection system."



The Ministry of Health, Labor and Welfare is to publish the latest cyber attack trends and countermeasures on its homepage as needed, so Professor Takakura said, "I want you to always review your measures for how to prepare for attacks that change every day."