Hospitals and clinics across South Korea remain highly vulnerable to ransomware attacks and data breaches due to weak cybersecurity systems and insider threats, exposing sensitive patient information. Despite strict legal protections for medical data, only a few major hospitals respond effectively when attacks occur, according to medical officials.
A hospital in Seoul recently shut down operations after malware infected its electronic medical records. Attackers launched a ransomware assault and demanded a significant Bitcoin payment to restore the system. The hospital complied, and operations resumed. Under current medical law, such incidents must be reported to the Ministry of Health and Welfare, but the hospital chose not to.
Another major hospital faced a ransomware attack through a secondary bypass network that lacked proper security controls. Attackers infiltrated internal servers and planted malware codes. The Korea Social Security Information Service (SSIS) monitoring system detected the ransomware attempt, prompting staff to disconnect the network, thereby avoiding a major crisis. Last year and this year, SSIS reported roughly 200 attempted attacks on hospitals under its monitoring.
Currently, only 19 of South Korea’s 35 private general hospitals and 20 of 270 general hospitals use SSIS monitoring services. Among more than 70,000 local clinics, only five are monitored. High costs of 12–18 million won ($8,100–$12,000) annually deter many hospitals. National university hospitals receive separate cybersecurity support from the Ministry of Education.
“Attackers plant malware first, then deploy ransomware, and finally attempt to steal sensitive data such as medical records,” said Lee Sung-hoon, head of the SSIS Medical Information Protection Center. “Multiple rounds of attacks make it harder to succeed on the third attempt.”
Proper data backups can help hospitals recover, but few maintain offline copies on physically separated drives. Internal leaks also remain a challenge. In July 2023, the Personal Information Protection Commission found 17 major hospitals had leaked personal data of roughly 180,000 patients, often due to employees sharing information with pharmaceutical companies or using USB drives.
“Hospitals should encrypt data and require administrative approval for downloads,” Lee emphasized. “This requires installing download-blocking systems on all computers, which involves significant investment.”
Some hospitals have implemented robust measures, including data encryption, blocking external data leaks, restricting portable storage, and SSIS monitoring. Yet, officials remain concerned about persistent threats.
Plastic surgery and dermatology clinics face heightened risks because patient records contain sensitive details. In 2021, a Gangnam clinic suffered a ransomware attack that exposed pre- and post-surgery photos, with hackers directly threatening patients. Smaller clinics often lack basic cybersecurity measures.
“No one would target a small clinic like ours,” said a dermatologist in Gyeonggi. “We do not use security software and would be helpless against a serious breach.” Similarly, the director of a Seoul plastic surgery clinic noted that password protection on the main computer is often the only security measure in place.
Lee suggested that stronger oversight could improve cybersecurity. “We could make monitoring service use a requirement for tertiary hospital designation,” he said. SSIS is also planning to develop tailored monitoring systems for smaller hospitals and clinics to enhance protection.