Skip to content
>_ITDITDWeb Security Platform
tag

healthcare

2 articles with this tag

2026-07-18

Osaka General Medical Center ransomware (2022) — a contractor's VPN as the way in, and hospital BCP

The way in was not the hospital itself but a meal-service contractor's remote-maintenance VPN device — unpatched, and reachable using leaked credentials — the investigation committee found. Because the hospital and contractor were constantly connected, and because servers/PCs shared passwords, users held broad admin rights, EMR servers lacked antivirus, and the network wasn't segmented, the encryption spread across the EMR system. Outpatient care, surgery, and emergency intake were restricted; full recovery took over two months. Defend by treating contractor links as your own attack surface: patch internet-facing VPNs, end credential reuse, least privilege, segment, and build a medical BCP (paper fallback, tested restore).

2026-07-18

Tsurugi Handa Hospital ransomware (2021) — an unpatched VPN CVE and the backup trap

The way in, per the expert committee's report, was an internet-facing VPN device left unpatched against a known vulnerability (CVE-2018-13379), reachable with leaked credentials. Short passwords, no account lockout, and users holding admin rights made lateral movement easy. Decisively, the primary system and its backup were on the same network and both were encrypted — a backup that isn't isolated and offline is no backup when it counts. EMR recovery took about two months. Defend by patching internet-facing VPNs fast, revoking leaked/reused credentials, and keeping isolated, offline, 3-2-1 backups.