Date: Feb 2022

Location: Japan

Summary

A healthcare organization found Emotet-type malware on some of its internal computers, leading to unauthorized emails that impersonated legitimate departments or staff. The compromise resulted in the leakage of historical email correspondence and stored address data, which the attackers then used to send fraudulent messages to external parties (the classic Emotet pattern: harvest mailbox contents and contacts from an infected host, then reuse them to make follow-on lures look like replies from a known correspondent). The institution responded by disinfecting affected devices with security software, working with its internet provider on log analysis, and strengthening protections on the email server. Ongoing efforts included quarantining potentially compromised systems to contain further data exposure. Recipients of suspicious messages were advised to verify sender addresses and avoid opening attachments or links.


Description

On February 8, 2022, Daiyukai General Hospital discovered that some of its internal computers had been infected by an Emotet-type virus. The infection occurred after employees received convincing spoofed emails impersonating legitimate hospital departments or staff members. Upon investigation, the hospital confirmed the malware compromise and determined that historical email correspondence stored on the affected devices had been exfiltrated. The stolen data enabled the threat actors to send fraudulent emails posing as the hospital or its employees to addresses contained in the exfiltrated communication records. The hospital immediately deployed antivirus software to detect and remove the malware from compromised endpoints. Concurrently, it worked with its internet service provider to begin log analysis and strengthened the mail server's virus scanning to limit further abuse of the email infrastructure.


By February 9, 2022, the hospital confirmed the leakage of multiple registered email addresses and portions of historical email exchange records from the infected computers. Containment efforts focused on quarantining additional devices showing possible indicators of infection, to limit further data exposure. The incident disrupted operations and caused significant inconvenience to business partners and other stakeholders who received malicious emails built from the stolen data. The hospital publicly advised recipients to scrutinize the sender's actual email address (not just the display name) for authenticity and to avoid opening attachments or hyperlinks in suspicious messages. It directed affected parties to guidance on Emotet mitigation from Japan's Information-technology Promotion Agency (IPA) and the JPCERT Coordination Center. Internal response coordination was handled by the hospital's Information Strategy Group, which set up a dedicated contact line for inquiries related to the breach.
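The advice above (check the real sender address, not the display name; distrust unexpected attachments) can be turned into a simple triage check. The following is an added example written for this page, not code from the hospital, IPA or JPCERT/CC. The contact list, trusted domain and both sample messages are constructed for illustration and are not taken from the incident; the checks are the generic Emotet-era indicators (a familiar display name on an unfamiliar address, a "Re:" subject with no threading headers, and macro-capable or archive attachments).

```python
"""Triage email headers for Emotet-style spoofing indicators.

Added example, not the affected organisation's code. KNOWN_CONTACTS,
TRUSTED_DOMAIN and the two sample messages are constructed assumptions.
"""
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from typing import Dict, List, Optional

# Assumed address book (constructed): display name -> the address we expect.
KNOWN_CONTACTS: Dict[str, str] = {
    "Taro Yamada": "t.yamada@hospital.example",
}
TRUSTED_DOMAIN = "hospital.example"  # assumed real mail domain of the organisation

# Attachment types Emotet lures commonly used; extend to taste.
RISKY_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".zip", ".js", ".lnk")


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def check_message(raw: str, contacts: Dict[str, str] = KNOWN_CONTACTS) -> List[str]:
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    msg = message_from_string(raw)
    findings: List[str] = []

    display, addr = parseaddr(msg.get("From", ""))
    expected = contacts.get(display.strip())
    # 1. Display name matches a known contact but the real address does not.
    if expected and addr.lower() != expected.lower():
        findings.append(f"known contact '{display}' but address is {addr}, expected {expected}")

    # 2. Reply-To steers replies to a different domain than the From address.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        findings.append(f"Reply-To domain differs from From domain ({reply_to})")

    # 3. Subject pretends to continue a thread, but no threading headers exist.
    subject = msg.get("Subject", "").lower()
    if subject.startswith(("re:", "fw:", "fwd:")) and not (
        msg.get("In-Reply-To") or msg.get("References")
    ):
        findings.append("subject claims a reply but In-Reply-To/References are missing")

    # 4. Macro-capable or archive attachments.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")

    return findings


def _build_sample(from_hdr: str, subject: str, attachment: Optional[str] = None,
                  in_reply_to: Optional[str] = None, reply_to: Optional[str] = None) -> str:
    """Construct a raw RFC 5322 message for testing (sample data, not a real email)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "partner@supplier.example"
    m["Subject"] = subject
    if in_reply_to:
        m["In-Reply-To"] = in_reply_to
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("Please see the attached document.")
    if attachment:
        m.add_attachment(b"\x00", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


# Constructed lure: familiar name, foreign address, fake reply, macro document.
SPOOFED_SAMPLE = _build_sample(
    "Taro Yamada <yamada.t@mail-relay.example.net>", "Re: Invoice",
    attachment="invoice_0208.docm",
)
# Constructed legitimate reply from the expected address with real threading headers.
LEGIT_SAMPLE = _build_sample(
    "Taro Yamada <t.yamada@hospital.example>", "Re: Meeting",
    in_reply_to="<20220207.1234@hospital.example>",
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, check_message(raw) or "no indicators")
```

Run stand-alone, the spoofed sample produces three findings and the legitimate one produces none. The contact-name check is the one that corresponds most directly to the hospital's advice: once an address book has been stolen, the attacker reuses real names, so only the underlying address (and the threading headers) distinguishes the lure from a genuine reply.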
