North Korean Cybercriminals Infiltrate Top Seoul Hospital: Massive Data Theft Unleashed


Imagine walking into one of the largest hospitals in the country and discovering that sensitive medical information and personal details of over 800,000 patients and 17,000 employees have been stolen. This nightmare scenario recently became a reality when North Korean hackers breached the network of Seoul National University Hospital (SNUH), a prominent South Korean medical institution.

This cyber attack took place between May and June 2021, and the Korean National Police Agency (KNPA) has spent the past two years conducting an in-depth investigation to identify the culprits. Based on various factors such as intrusion techniques, IP addresses, website registration details, and language use, the KNPA has attributed this attack to North Korean hackers.

Unraveling the Attack

Although local South Korean media has linked the attack to the Kimsuky hacking group, the police report doesn’t explicitly mention this specific threat group. What we do know is that the attackers used seven servers in South Korea and other countries to launch their assault on the hospital’s internal network.

The consequences of this incident are severe, with data exposure affecting 831,000 individuals, most of whom were patients. The breach also impacted 17,000 current and former hospital employees.

A Growing Threat

The KNPA has warned that North Korean hackers may continue to infiltrate information and communication networks across various industries. As a result, there is an urgent need for enhanced security measures and procedures, such as implementing security patches, managing system access, and encrypting sensitive data.

“We plan to actively respond to organized cyber-attacks backed by national governments by mobilizing all our security capabilities and to firmly protect South Korea’s cyber security by preventing additional damage through information sharing and collaboration with related agencies,” warned the KNPA.

North Korean Hackers Targeting Healthcare

This isn’t the first time North Korean hackers have been linked to hospital network intrusions aiming to steal sensitive data and extort ransom payments from healthcare organizations. The U.S. government has specifically highlighted the Maui ransomware threat, urging the healthcare sector to raise its defenses against North Korean cyber operations.

Security researchers at Kaspersky have linked the Maui ransomware operation to a specific cluster of activity named ‘Andariel’ (aka ‘Stonefly’), believed to be a sub-group of the notorious Lazarus hacking group. Lazarus has been known for targeting South Korean entities with ransomware since April 2021.

Don’t Wait Until It’s Too Late

The attack on Seoul National University Hospital should serve as a wake-up call for businesses across the United States. Cybersecurity is not just an IT issue; it’s a critical business concern that can have devastating consequences if not addressed properly.

Don’t wait until your organization becomes the next target. Contact us to learn how ZZ Servers can help you protect your valuable data and ensure your business remains secure from cyber threats.
