Measures to Strengthen Information Security for Hacking and Ransomware Response at National University Hospitals

Increase in Targeted Cyber Threats at University Hospitals

[Asia Economy Reporter Han Jinju] The Ministry of Education announced on the 3rd that it has jointly prepared information security enhancement measures with the National Intelligence Service to prevent ransomware attacks targeting national university hospitals.

These information security enhancement measures were prepared to strengthen cyber threat prevention activities as cyber attacks, such as hacking university hospital networks to encrypt data and demanding ransom for decryption, have been increasing recently.

As a preemptive measure against cyber threats, the Ministry of Education will inspect protection measures such as establishing backup systems for infrastructure at national university hospitals and recovery plans in case of crises to prevent cyber attacks in advance. They also plan to consult with related organizations to have important hospital facilities additionally designated as major information and communication infrastructure.

Vulnerabilities in mobile apps and internet-connected medical information systems provided by national university hospitals will be diagnosed to prevent security breaches in advance.

For establishing a breach response system, information sharing will be strengthened using systems such as the National Cyber Threat Information Sharing System (NCTI), and a national university hospital information security council will be created to resolve issues specific to each hospital.

To detect unknown cyber threats, a next-generation cyber threat detection system will be deployed, and an AI-based integrated security control system and a breach response system with the National Intelligence Service will be established. Rapid normalization will be supported through consulting on breach cause investigation, recovery, and response.

Network zones such as internal networks and internet networks will be separated according to the characteristics of hospital systems, and professional support (consulting) will be provided for the operation of hospital information protection systems. Security management guidelines to be followed when purchasing medical devices and security inspection checklists by type will be prepared to promote self-security inspections.