Over 200 Security Breaches at Medical Institutions in the Past Five Years
80% Occurred at Clinics and Small- to Mid-Sized Hospitals
On August 8, SK Shieldus announced that it is supporting medical institutions in responding to self-assessment requirements for personal information protection and safeguarding patient data through its subscription-based security service, Cyberguard.
Recently, there has been a surge in cyberattacks targeting medical institutions, resulting in frequent incidents such as patient information leaks and disruptions to medical systems. Last year, a hospital in Daejeon suffered a hacking incident on its website, which led to the leakage of personal information for 200,000 members, including names, dates of birth, IDs and passwords, emails, and phone numbers. In June of this year, a hospital in Gwangju experienced a ransomware attack that paralyzed its computer network and caused major disruptions to medical services due to the encryption of critical files.
Such incidents are not confined to specific hospitals. Over the past five years, there have been more than 200 security breaches targeting medical institutions. In the first half of last year alone, there were 68 incidents, which is approximately 3.7 times higher than in 2020. Notably, about 80% of all incidents occurred at clinics and small- to mid-sized hospitals, indicating that medical institutions with limited personnel and budgets are primary targets for cyberattacks.
In response, organizations such as the Korean Medical Association and the Korean Hospital Association, which are designated as self-regulatory bodies by the Personal Information Portal, conduct annual "Personal Information Protection Self-Assessments" to help medical institutions comply with the Personal Information Protection Act. While these assessments are not legally mandatory, failure to conduct them may result in random on-site inspections by the Ministry of the Interior and Safety. If standards are not met, this can lead to legal risks such as fines, making proactive measures necessary.
SK Shieldus offers its subscription-based security service, Cyberguard, to help medical institutions effectively respond to personal information protection self-assessments and enhance their security. Cyberguard can be introduced without the burden of initial setup costs and can be operated at a reasonable price, making it suitable for hospitals with tight budgets. Another advantage is that it can be implemented without altering existing medical systems, allowing hospitals to selectively adopt only the necessary security services.
In particular, SK Shieldus's Cyberguard provides security services optimized for medical environments, including DRM (document encryption), server database encryption, and DLP Plus. Through these services, medical institutions can effectively meet key requirements of the self-assessment, such as encryption measures, access control, and the establishment of incident response systems.
Kim Byungmoo, Head of Cybersecurity at SK Shieldus (Vice President), stated, "Personal information leakage incidents at medical institutions are a serious issue that threaten not only patient safety but also the trust in medical institutions." He added, "SK Shieldus's Cyberguard is the most reasonable solution for medical institutions that face difficulties in security response due to limited budgets and personnel, as it enables them to address both the self-assessment requirements for personal information protection and the practical protection of patient data, while also mitigating legal risks."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
