Hacking attempt for medical organization in rise¡¦ Korea without solution
Lee Gyung Tak | kt87@ | 2018-01-24 10:57:04
Hacking attempts at medical institutions such as hospitals are rapidly increasing worldwide, and the voice of intellectuals is growing about the lack of personal information correspondence system between government and medical institutions. Medical institutions are storing as much personal information as the whole people use, but they are targeting the main attack by hackers with poor security system. Especially, it is pointed out that hacking for medical institutions due to the development of technology such as telemedicine is serious because it can be directly related to patient`s life as well as leakage of personal information.
According to the "Report on the Seven Issues of Personal Information Protection in 2018" released by the Korea Internet Development Agency (KISA) on January 23, laws and safeguards related to the activation of bio-information such as biometrics authentication and precision medicine are not provided in detail. It is an analysis of the trail.
Medical institutions generally have sensitive and diverse bio-information such as patient`s health status. Recently, we have been building a database (DB) that collects data of enough participants for preliminary research on how gene and environment are related to specific diseases for precision medical care.
In fact, the system of the South-eastern Norwegian Health Authority (RHF) was hacked into the unidentified hacker organization, resulting in the theft of 2.9 million personal and health records, half of the 5.2 million people in Norway. The hacker organization is likely to sell related information on a dark web site in recent trends. In addition, according to data from the National Assembly`s legislative research institute, the United States reported that as of 2015, 21% of the core infrastructures were hacked on medical institutions, The US Department of Health and Human Services has revised its guidelines to distribute guidelines and promote reporting of hacking and countermeasures such as Ransom-ware.
Meanwhile, Korea is obliged to acquire ISMS (Information Protection Management System) certification for major medical institutions (43 hospitals) in the case of Korea, but there is no obligation to report damage caused by hacking. According to the data submitted by the Democratic Party lawmaker Kwon Mi-hyuk at the time of the last inspection of the state last year, 13 cases of hijacked medical institutions received in five years since 2013 were counted.
Actual hacking and leakage of personal information are estimated to be far less than reported. According to the Ministry of Education, cyber infringement cases such as hacking against the national university hospital network (including general universities) increased every year, reaching 40,000 last year. An official at a large hospital in Seoul said, "It is more common for information leakage by internal staff members such as doctors and nurses than outside hacking, but even if it reveals it internally, Because of this, I have been hurried to close and hide related accidents at the hospital level."
On the other hand, in June last year, Democratic Party lawmaker Kim Sang-hee made a proposal to amend the Medical Law Amendment, which requires the Ministry of Health and Welfare to inform the Ministry of Health and Welfare immediately in case of violation of hacking in medical institutions.
By Lee Gyung Tak kt87@
[ copyright ¨Ï The Digitaltimes ]
According to the "Report on the Seven Issues of Personal Information Protection in 2018" released by the Korea Internet Development Agency (KISA) on January 23, laws and safeguards related to the activation of bio-information such as biometrics authentication and precision medicine are not provided in detail. It is an analysis of the trail.
Medical institutions generally have sensitive and diverse bio-information such as patient`s health status. Recently, we have been building a database (DB) that collects data of enough participants for preliminary research on how gene and environment are related to specific diseases for precision medical care.
In fact, the system of the South-eastern Norwegian Health Authority (RHF) was hacked into the unidentified hacker organization, resulting in the theft of 2.9 million personal and health records, half of the 5.2 million people in Norway. The hacker organization is likely to sell related information on a dark web site in recent trends. In addition, according to data from the National Assembly`s legislative research institute, the United States reported that as of 2015, 21% of the core infrastructures were hacked on medical institutions, The US Department of Health and Human Services has revised its guidelines to distribute guidelines and promote reporting of hacking and countermeasures such as Ransom-ware.
Meanwhile, Korea is obliged to acquire ISMS (Information Protection Management System) certification for major medical institutions (43 hospitals) in the case of Korea, but there is no obligation to report damage caused by hacking. According to the data submitted by the Democratic Party lawmaker Kwon Mi-hyuk at the time of the last inspection of the state last year, 13 cases of hijacked medical institutions received in five years since 2013 were counted.
Actual hacking and leakage of personal information are estimated to be far less than reported. According to the Ministry of Education, cyber infringement cases such as hacking against the national university hospital network (including general universities) increased every year, reaching 40,000 last year. An official at a large hospital in Seoul said, "It is more common for information leakage by internal staff members such as doctors and nurses than outside hacking, but even if it reveals it internally, Because of this, I have been hurried to close and hide related accidents at the hospital level."
On the other hand, in June last year, Democratic Party lawmaker Kim Sang-hee made a proposal to amend the Medical Law Amendment, which requires the Ministry of Health and Welfare to inform the Ministry of Health and Welfare immediately in case of violation of hacking in medical institutions.
By Lee Gyung Tak kt87@