Taiwan’s healthcare system is under siege. In just the past two years, a wave of cyberattacks, from insider data abuse to devastating ransomware, has exposed deep vulnerabilities in hospital cybersecurity. These breaches don’t just threaten patient privacy; they disrupt critical care and put public trust on the line. Below, we’ve compiled several major medical cybersecurity cases from the past two years in Taiwan to review the current state of healthcare cybersecurity and offer protection recommendations.
Personal Data and Risks Carried by the Healthcare System
In modern society, the healthcare system is not only a critical line of defense for public health but also a massive repository of highly sensitive personal information. While most people tend to think of personal data as just names, phone numbers, and addresses, in reality, the information held by medical institutions is far more comprehensive and in-depth than that held by financial institutions or e-commerce platforms — and once compromised, the consequences can be severe.
The types of data stored by medical institutions include:
- National ID numbers, addresses, phone numbers, and emergency contact information.
- National Health Insurance card numbers, medical visit records, medication history, medical imaging, and lab reports.
- Sensitive medical history such as mental health records, sexually transmitted diseases, and cancer diagnoses.
- Credit card numbers, insurance information, and financial billing records.
- Family relationships and medical consent forms.
Unlike typical online shopping or financial data, medical information has a unique characteristic: it’s irreplaceable. If stolen, it cannot be reissued or reset. For example, you can change your phone number or get a new credit card, but you cannot erase your past medical history, family medical records, or treatment history.
In recent years, hacker groups and ransomware gangs have increasingly targeted hospitals, and the reasons are clear:
- Hospitals must remain operational 24/7 — to avoid disruptions to surgeries and emergency care, institutions are more likely to pay ransoms quickly.
- Cybersecurity defenses often lag behind, especially at regional hospitals and clinics that lack dedicated security personnel.
- Highly sensitive, complete data sets offer significant black-market value.
According to Taiwan’s Administration for Cyber Security (ACS), from 2023 to 2024, multiple major medical institutions in Taiwan experienced cybersecurity incidents. These incidents affected hundreds of thousands of patient records, with some cases even crippling hospital systems, halting emergency and outpatient services. We’ve compiled key incidents from the past two years and the attack methods involved.
Overview of Major Medical Cybersecurity Incidents in Taiwan, 2025
1. Fu Jen Catholic University Hospital: Insider Privilege Abuse Incident
This widely reported case broke in May 2025. Back in October 2024, a respiratory therapist surnamed Chou at Fu Jen Catholic University Hospital exploited his solo night shift to misuse multiple colleagues’ login credentials and access the hospital’s system. He manipulated the hospital labor union election by casting extra votes for himself and even installed NGROK, a tunneling tool that allows remote access to the hospital’s internal databases. As a result, the personal information of at least 10,000 patients and staff members, including celebrity Lin Chi-ling’s family, was potentially exposed.
Although the hospital swiftly deleted the malicious program after discovery, no disciplinary action was taken against the staff member involved. The hospital claimed it immediately reported the incident to the Bureau of Investigation, launched an internal inquiry, and is now actively cooperating with judicial authorities. They also stressed that no patient data leaks had been confirmed.
Despite these assurances, the incident triggered public concern over the lax internal cybersecurity management within medical institutions.
2. Mackay Memorial Hospital: Crazy Hunter Ransomware Attack
In February 2025, the main Taipei branch of Mackay Memorial Hospital suffered a massive ransomware attack carried out by the hacker group Crazy Hunter. The incident paralyzed over 600 computers, leading to a large-scale shutdown of the hospital’s emergency, outpatient registration, and inpatient systems. Some surgeries and emergency services were also disrupted, while patient records were encrypted and rendered inaccessible. It was one of the most extensive ransomware attacks in Taiwan’s medical history.
According to an investigation by Taiwan’s National Cyber Security Agency (NCSA), the attackers first gained access through a phishing email, compromising an internal account protected by a weak password. They then infiltrated the hospital’s Active Directory (AD) management servers. To evade detection by antivirus software, the hackers disguised their malware as a printer driver and used Group Policy Objects (GPO) to spread the ransomware across the internal network.
Once deployed, the ransomware encrypted all critical data and left a ransom note on the infected systems:
“All your files have been encrypted! You must pay a Bitcoin ransom to decrypt them. The price depends on how fast you contact us. Sorry for stealing all your hospital’s data — including PACS, EMR, HIS, and the personal information of all staff and patients, as well as official documents. We know you have backup systems, but they can’t prevent international news exposure, sensitive data leaks, or public outrage. If you don’t cooperate, we’ll publish all your data, internal information, and network details. At that point, you’ll face not only a ransomware crisis but also reputational damage and potential follow-up attacks from stronger groups.”
At the same time, Crazy Hunter hackers hijacked the hospital’s official email accounts and, posing as a physician, sent out the ransom note widely, further escalating the threat.
Mackay Hospital immediately activated its cybersecurity incident response plan, replacing each infected device and temporarily reverting to manual, paper-based procedures to continue operations during the crisis. Though the attackers demanded a high ransom, the hospital held an emergency meeting and decided not to pay. Instead, it urgently spent NT$10 million (approx. USD 320,000) to procure endpoint protection software and roll it out hospital-wide to better detect future threats.
Additionally, to contain the infection, Mackay applied a “compartmentalized network” strategy — a tactic borrowed from its COVID-19 response experience — by isolating different hospital campuses from one another and enhancing security barriers for critical servers.
Despite these efforts, hackers later posted claims on BreachForums, stating that they had obtained Mackay Memorial Hospital’s patient data and were offering it for sale at USD 100,000. The leaked trove reportedly contained 16.6 million patient records (totaling 32.5 GB of data) from the hospital’s Taipei, Tamsui, Hsinchu, Taitung branches, and the Taipei and Hsinchu Children’s Hospitals.
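A defender-side check for the GPO distribution step described above, as an added example that is not part of the original report or of any vendor product: it reviews Windows Security event 5136 records for changes to Group Policy objects made by an unapproved account or outside a change window. The approved editor list, the change window, the account names and the GPO names are all assumptions constructed for illustration.

```python
from datetime import datetime

# Hypothetical policy for this sketch: who may edit GPOs, and when.
APPROVED_EDITORS = {"gpo-admin"}
CHANGE_HOURS = range(9, 18)  # 09:00-17:59 on weekdays

# Placeholder distinguished names (constructed, not from any real domain).
GPO_A = "CN={00000000-0000-0000-0000-00000000000A},CN=Policies,CN=System,DC=hospital,DC=example"
GPO_B = "CN={00000000-0000-0000-0000-00000000000B},CN=Policies,CN=System,DC=hospital,DC=example"
USER_DN = "CN=Some User,OU=Staff,DC=hospital,DC=example"

def ev(time, user, object_class, dn, attribute):
    """Build one constructed event 5136 record with only the fields used below."""
    return {"EventID": 5136, "TimeCreated": time, "SubjectUserName": user,
            "ObjectClass": object_class, "ObjectDN": dn,
            "AttributeLDAPDisplayName": attribute}

SAMPLE_EVENTS = [  # constructed sample data
    ev("2025-01-14T10:12:00", "gpo-admin", "groupPolicyContainer", GPO_A, "versionNumber"),
    ev("2025-01-15T23:30:00", "gpo-admin", "groupPolicyContainer", GPO_A, "versionNumber"),
    ev("2025-01-18T02:41:07", "svc-print", "groupPolicyContainer", GPO_B, "versionNumber"),
    ev("2025-01-18T02:41:07", "svc-print", "groupPolicyContainer", GPO_B, "gPCMachineExtensionNames"),
    ev("2025-01-18T02:50:00", "helpdesk", "user", USER_DN, "description"),
]

def suspicious_gpo_changes(events):
    """Return GPO edits by unapproved accounts or outside the change window,
    grouped by (editor, GPO) because one edit produces several 5136 records."""
    findings = {}
    for e in events:
        if e["EventID"] != 5136 or e["ObjectClass"] != "groupPolicyContainer":
            continue  # not a change to a Group Policy object
        when = datetime.fromisoformat(e["TimeCreated"])
        reasons = set()
        if e["SubjectUserName"].lower() not in APPROVED_EDITORS:
            reasons.add("unapproved editor")
        if when.weekday() >= 5 or when.hour not in CHANGE_HOURS:
            reasons.add("outside change window")
        if reasons:
            key = (e["SubjectUserName"], e["ObjectDN"])
            entry = findings.setdefault(
                key, {"first_seen": when, "attributes": set(), "reasons": set()})
            entry["first_seen"] = min(entry["first_seen"], when)
            entry["attributes"].add(e["AttributeLDAPDisplayName"])
            entry["reasons"] |= reasons
    return findings
```

Event 5136 is only recorded when the "Audit Directory Service Changes" policy is enabled and the objects carry an auditing entry, so confirm that logging is in place before relying on a check like this.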
3. Changhua Christian Hospital: Ransomware Attack
Changhua Christian Hospital, the only medical center serving Yunlin, Changhua, and Nantou, suffered a ransomware attack during the 2025 Lunar New Year holiday. This was less than six months after the Mackay Memorial Hospital incident. Multiple internal servers and patient record systems were compromised, and the hospital’s external registration system was rendered inoperable.
According to reports from the Central News Agency and other media outlets, the hospital detected the cyberattack on March 1, 2025. After two days of response efforts, they successfully contained the attack without any data breaches or violation of patient rights. Only some systems experienced brief downtime.
On March 4, 2025, Taiwan’s Ministry of Health and Welfare Information Division confirmed that Changhua Christian Hospital was targeted by the Crazy Hunter ransomware group—the same threat that attacked Mackay Memorial Hospital earlier in February.
Although the scale of this attack was smaller compared to Mackay’s, the back-to-back assaults on two major medical institutions within a short period caused widespread public anxiety.
4. Chang Shin Hospital: System Paralysis from a Suspected Cyberattack
In April 2025, Chang Shin Hospital, located in Zhongli, Taoyuan, experienced a cyberattack that caused system paralysis. In early May, the hospital officially acknowledged the incident on its website, stating:
“Medical system data was encrypted by unauthorized hackers, causing medical operations to crash.”
During the attack, on-site procedures had to be adjusted to manual patient queuing and doctors writing prescriptions by hand while staff worked intensively to restore the system.

Source: FTV News Channel
According to the FTV News Channel, this incident was carried out by an emerging hacker group called NightSpire, which caused disruptions to online registration, initial consultations, and doctors’ prescription functions. Intelligence gathered from the dark web revealed that the hackers also stole 800GB of data.
Although the hospital emphasized that the data was encrypted, the fact that medical institutions hold complete patient personal information and medical records means that any data breach poses a serious threat to patient rights and privacy.
For healthcare, cybersecurity is non-negotiable—it’s the new standard of care.
Over the past two years, Taiwan’s healthcare sector has been battered by a relentless wave of cyberattacks—from ransomware lockdowns and insider leaks to foreign hacker break-ins. Each incident has spotlighted glaring gaps in hospital cybersecurity, weak internal controls, and dangerously lax access management. This situation not only threatens the continuity of medical operations but also directly endangers patients’ personal information and medical record security. It can even impact insurance, financial, and national health insurance systems, escalating into a national security-level risk.
Notably, while Taiwan’s healthcare system has long prioritized medical quality and updating healthcare equipment, its investment in information security generally lags behind other industries. Many hospitals still categorize cybersecurity budgets under general IT maintenance without allocating independent funds or dedicated teams for cybersecurity. Critical systems such as HIS (Hospital Information System), PACS (Picture Archiving and Communication System), and LIS (Laboratory Information System) often run on outdated operating systems or with weak password settings, creating significant security vulnerabilities.
As digital healthcare, telemedicine, and cloud-based medical records become the new norm, cybersecurity is no longer optional—it’s essential to keeping healthcare systems running safely and smoothly. Defending against cyber threats isn’t just a precaution but a necessary condition to “ensure the normal operation of the healthcare system.”
Hospital Cybersecurity Protection Recommendations
Taiwanese medical institutions are advised to proactively assess their cybersecurity posture and implement the following basic protections:
- Ensure strict management of high-privilege accounts and deploy anomaly detection mechanisms to prevent internal misuse of access rights.
- Conduct regular penetration testing and social engineering drills to identify security vulnerabilities and enhance staff cybersecurity awareness.
- Establish real-time incident reporting mechanisms and backup plans to guarantee uninterrupted operations.
- Implement multi-factor authentication, offline backups, and segregation between internal and external networks to reduce cybersecurity risks.
- Strengthen encryption of medical information systems and imaging data to prevent data leakage during transmission and storage.
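One way to implement the anomaly detection recommended in the first item above, modelled on the pattern in the Fu Jen case where one person used several colleagues’ credentials during a single shift (an added example, not code from the article’s author or any vendor): it flags a workstation on which more distinct accounts log on successfully within a short window than a normal handover would explain. The log format, host names, account names, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon log: timestamp, workstation, account, result.
SAMPLE_LOG = """\
2024-01-15T00:58:03 WS-ICU-02 nurse_a success
2024-01-15T01:10:15 WS-RT-07 therapist_a success
2024-01-15T01:14:42 WS-RT-07 therapist_b success
2024-01-15T01:19:09 WS-RT-07 therapist_c failure
2024-01-15T01:21:30 WS-RT-07 therapist_c success
2024-01-15T01:26:51 WS-RT-07 therapist_d success
2024-01-15T03:40:00 WS-ICU-02 nurse_b success
2024-01-15T08:05:00 WS-ICU-02 nurse_c success
"""

def parse_logons(text):
    """Parse the constructed four-column format into time-ordered tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, host, account, result = line.split()
        events.append((datetime.fromisoformat(ts), host, account, result))
    return sorted(events)

def shared_credential_alerts(events, window=timedelta(minutes=30), max_accounts=2):
    """Return (host, window_start, accounts) for each workstation where more than
    max_accounts distinct accounts logged on successfully inside one window."""
    by_host = defaultdict(list)
    for ts, host, account, result in events:
        if result == "success":
            by_host[host].append((ts, account))
    alerts = []
    for host, logons in by_host.items():
        start, best = 0, None
        for end, (ts, _) in enumerate(logons):
            while ts - logons[start][0] > window:   # slide the window forward
                start += 1
            accounts = {acct for _, acct in logons[start:end + 1]}
            if len(accounts) > max_accounts and (best is None or len(accounts) > len(best[1])):
                best = (logons[start][0], sorted(accounts))
        if best:
            alerts.append((host, best[0], best[1]))
    return alerts
```

Shared kiosks and nursing stations legitimately see several users, so the window and threshold need tuning per workstation type before alerts are routed to staff.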
Healthcare Cybersecurity Must Adopt Zero Trust Network Access
With the rise of telemedicine, electronic medical records, online consultations, and digital payments in the post-pandemic era, healthcare institutions are handling an ever-increasing volume of sensitive personal data, medical records, and financial information. Concurrently, hacker attack methods have become increasingly sophisticated. Traditional defenses like firewalls, antivirus scanning, and basic access control are no longer sufficient to effectively counter modern cybersecurity threats. Therefore, Zero Trust Network Access is becoming an essential cybersecurity standard for the healthcare industry.
Zero Trust emphasizes “never trust, always verify.” Regardless of whether users, devices, or applications are internal or external, every access attempt must undergo multiple layers of authentication and strict permission controls. This is combined with behavioral anomaly detection, real-time alerts, and granular access management to ensure that every access request stays within a controllable scope. For healthcare organizations, this framework effectively addresses insider abuse, prevents lateral movement by attackers, and reduces the risk of hackers infiltrating critical medical systems and patient databases.
If Taiwan’s healthcare sector wants to prevent repeat security incidents, protect patient privacy, and ensure stable operations, it must rapidly implement Zero Trust Network Access. Coupled with multi-factor authentication (MFA), this approach builds a multi-layered, dynamic verification environment that truly safeguards core medical systems and nationwide personal data security.
The future of healthcare cybersecurity is not just about blocking attacks — it’s about upgrading capabilities in risk prediction, behavioral analysis, and real-time response. No system can guarantee 100% prevention of breaches, but with a Zero Trust framework and agile security incident response, healthcare providers can remain resilient during attacks, keep patient data safe, and preserve the public’s fundamental trust in the healthcare system.
Keypasco ZTNA
Keypasco ZTNA is a cybersecurity solution based on Zero Trust Network Access. The product is developed with reference to standards from the U.S. NIST and CISA, as well as Taiwan’s government Zero Trust technical framework. It is certified by the National Institute of Cyber Security and employs identity verification, device authentication, and trust inference technologies to help enterprises and public/private sectors provide comprehensive and robust cybersecurity protection.
- Identity Verification: Offers multi-factor authentication, including FIDO U2F and FIDO2 solutions.
- Device Authentication: Scans device attributes and software information, storing them on Keypasco servers for device validation.
- Trust Inference: Uses artificial intelligence to analyze behavior, continuously assess risk, and trigger additional authentication when needed.
Keypasco not only meets international standards and real-world demands, but is trusted by government agencies, financial institutions, healthcare providers, smart buildings, and high-tech industries worldwide. As cyber threats evolve, we remain committed to empowering organizations with robust, future-ready security solutions. This ensures that they stay compliant, resilient, and ahead of the curve in a rapidly changing digital landscape.