Seoul National University Hospital, one of South Korea’s largest hospitals, suffered a major cyberattack between May and June 2021, resulting in data exposure for about 831,000 people, mostly patients, according to a recent report released by the Korean National Police Agency (KNPA). After a two-year investigation, South Korean law enforcement officials attributed the attack to North Korean hackers, based on their intrusion techniques, website registration, IP addresses linked to threat actors in that country, and the North Korean language and vocabulary used in the attack, although they did not explicitly name any particular threat group.
The successful cyberattack on the hospital, which occurred during the COVID-19 pandemic, raises serious concerns about the security of healthcare organizations, which have become prime targets for cybercriminals due to the sensitivity and value of healthcare data. Moreover, the attribution of the attack to a state-sponsored group exposes the increasingly brazen tactics employed by nation-states in using hacking as a weapon for political and economic gain. Experts warn that hospitals need to be more resilient to cyberattacks to avoid potentially catastrophic consequences for their operations and reputation.
According to the KNPA report, the North Korean hackers used seven servers based in multiple countries, including South Korea, to infiltrate the hospital’s internal network. The attackers were able to steal sensitive data, including names, birth dates, ID numbers, medical records, and other personal data, which they later used to launch spear-phishing campaigns against other victims. The report further reveals that the attackers used email addresses disguised as those of South Korean government officials to trick their targets into opening malicious attachments that contained malware.
The KNPA’s press release indicated that they plan to “actively respond to organized cyberattacks backed by national governments by mobilizing all our security capabilities,” and to “firmly protect South Korea’s cybersecurity by preventing additional damage through information sharing and collaboration with related agencies.” However, the government’s response alone is unlikely to prevent future cyberattacks. Healthcare organizations must also take proactive steps to improve their cybersecurity posture and reduce their attack surface.
In particular, hospitals must invest in security technologies such as firewalls, intrusion detection and prevention systems, and endpoint solutions to detect and thwart attacks. Additionally, they should conduct regular assessments of their networks and systems to identify vulnerabilities and address them before attackers can exploit them. Healthcare organizations should also provide continuous cybersecurity training to their employees to raise their awareness of emerging threats and best practices for mitigating them.
In conclusion, the cyberattack on Seoul National University Hospital highlights the growing threat of cybercrime to critical infrastructure, including healthcare organizations. State-sponsored groups, such as those linked to North Korea, seem to be behind many of these attacks, making it imperative for governments and healthcare organizations to work together to protect sensitive data from cybercriminals. The implementation of a comprehensive cybersecurity strategy, which includes investing in security technologies, conducting regular security assessments, and providing cybersecurity training, is essential for reducing the risks of cyberattacks and safeguarding sensitive data.