Cannix Yau reports:
Hong Kong health authorities have told a private hospital it has four weeks to submit a detailed report after it was hit by a malicious cyberattack and refused to pay a US$10 million ransom.
The Department of Health said on Saturday that it was investigating the incident at Union Hospital in Tai Wai, with its initial findings showing the ransomware attack had not compromised any patient data or medical services.
“Our initial understanding is that it did not involve [the release of] patients’ data nor did it affect the service security of the hospital,” it said. “The Department of Health has requested the hospital to hand in a detailed report in four weeks.”
Read more at South China Morning Post.
According to the SCMP, hackers using LockBit ransomware were responsible for the attack and ransom demand. However, a search of LockBit’s site this morning does not reveal any listing for “Union Hospital” or “Ren’an Hospital.”
The hospital announced on April 18 that all patient data is properly encrypted and password-protected.
As of the 18th, the hospital had not found any evidence of misappropriated or leaked patient data. But The Standard reports that sources said LockBit encrypted a significant amount of computer files, including lab reports, and told the hospital not to delete or alter the encrypted files. The Standard does not indicate whether the sources for those statements were employees or others, and does not indicate the basis for their claim.