A major hospital in Osaka, Japan, has suspended routine medical services following a ransomware cyber-attack that disrupted its electronic medical record systems.
Emergency operations are continuing, but Osaka General Medical Center officials told reporters on Monday that the hospital system failed earlier today and could not be accessed.
They have also reported that a contractor who examined the issue concluded the system had been attacked by a ransomware computer virus, with the threat actor allegedly sending an email in English to the hospital’s server and demanding a ransom in Bitcoin.
“With organizations continuing to connect cyber-physical systems to their networks, ransomware attacks against the healthcare industry will only increase,” Simon Chassar, CRO at Claroty, told Infosecurity.
“It’s yet to be confirmed whether cyber-physical systems were hit during the attack; however, with the ever-increasing number of targeted attacks on critical infrastructure organizations, it’s vital these devices are secured.”
The hospital’s director, Takeshi Shimazu, has told media outlets that the Center staff are working to restore the system and using paper medical records until the incident is resolved, as the attack has made it very difficult to calculate medical treatment fees or check details of patients’ medical histories.
“Organizations need to close their security gaps and have complete asset visibility across all their cyber-physical systems by implementing patching procedures for OT systems, IoT and IoMT [Internet of Medical Things] devices,” Chassar added.
“Furthermore, network segmentation with asset class network policies should be in place to limit the movement of malware and give security teams continuous network monitoring to mitigate the impact of ransomware attacks.”
The hospital, operated by the Osaka Prefectural Hospital Organization, currently counts 865 beds and 36 departments. At the time of writing, its systems affected by the ransomware attack remain offline.
The attack on the Osaka General Medical Center comes roughly two months after a report by Proofpoint’s Ponemon Institute linked cyber-attacks against healthcare organizations with increased mortality rates.