Union Hospital in Tai Wai hit by cyberattack demanding US$10 million, forced to switch to manual operations

Union Hospital

20th April 2024 – (Hong Kong) Union Hospital in Tai Wai, has fallen victim to a malicious cyberattack, disrupting its routine operations and compromising its computer systems. The attack, which was first detected on 15th April, has led to a ransom demand of US$10 million (approximately HK$78 million), which the hospital has not paid.

The cyberattack has severely impacted the hospital’s daily operations, making it necessary for staff to revert to manual processes for tasks such as lab reports and blood matching. This switch has significantly slowed down operations and increased the workload, leading to extended working hours for the medical staff. There is a growing concern among healthcare professionals about the heightened risk of medical errors due to these changes.

The hospital acknowledged the attack in a statement on 18th April, noting that it had taken immediate steps to enhance its cyber security measures to prevent further breaches. Despite these efforts, the full functionality of the hospital’s systems has not been restored, and the situation remains critical.

Upon discovering the breach, Union Hospital promptly notified the police, the Department of Health, and the Office of the Privacy Commissioner for Personal Data. The latter has already advised the hospital to inform all affected parties and has begun a formal review of the incident in accordance with established procedures.

The ransomware identified in the attack is the notorious ‘LockBit’. Screenshots of the ransom demand were captured by hospital systems, and investigations have revealed that several other companies, including listed companies in Hong Kong, have also been targeted by the same ransomware group.

Experts believe the breach was likely due to inadequate antivirus measures and employees inadvertently accessing phishing sites. The Honorary President of the Hong Kong Information Technology Federation, Francis Fong, commented on the incident, comparing it to previous data leaks such as the one at Cyberport. He emphasized the necessity for enhanced cybersecurity measures and heightened vigilance among employees to prevent such breaches.

When local reporters visited the hospital on the evening of 19th April, around 20 people were seen waiting in the lobby. Patients reported that they did not notice any unusual delays during their consultations, and many were unaware of the cyberattack until approached by the media. Hospital staff confirmed the breach and directed queries to their public relations department.