Cyber Incident Victim: Changhua Christian Hospital (彰化基督教醫院)
Date: Mar 2025
Location: Taiwan
Summary
Changhua Christian Hospital experienced a large‑scale hacker attack, first noticed by its information technology team as unusual activity during a holiday period with reduced staffing. The attackers exploited the short‑staffed shift, causing temporary failures in some systems over two days, but the hospital’s information security team restored services promptly without any data leakage, patient harm or total shutdown. The facility maintains a dedicated security center, an information security budget representing 12% to 20% of its total expenditures, seventy information engineers and ISO 27001 certification, and has previously served as a national demonstration base for cyber‑defense drills. Staff worked overnight to monitor and mitigate the incident, while emergency wards, operating rooms and intensive care units continued to function in an orderly manner, demonstrating the institution’s resilience.
Description
On March 1, 2025, the information technology engineers at Changhua Christian Hospital began detecting a hacker attack that had been launched during the holiday, when the information department was short‑staffed. The attackers carried out a large‑scale, all‑out assault on the hospital’s networks. Over two days of continuous work, some systems experienced temporary failures, but all were restored promptly, with no data leakage, no compromise of patients’ rights, and no complete paralysis of services. Hospital officials stated that they would wait until the outpatient clinic opened at 8:30 a.m. to confirm whether normal operations could be sustained.

Changhua Christian Hospital has long maintained a robust cybersecurity posture, reporting more than 5,000 hacker attempts per month over the past year. The institution operates a dedicated information security center led by a full‑time chief information security officer, and allocates between 12% and 20% of its total budget to information security. Seventy information‑related engineers support the department, which, together with related units, has achieved ISO 27001 certification. On September 6, 2013, the Ministry of Health and Welfare designated the hospital as a demonstration base for cybersecurity drills, where actual hacker intrusion techniques were used to develop attack scripts and conduct field‑based attack‑and‑defense exercises involving more than 30 hospitals. During those drills, the hospital demonstrated strong detection and response capabilities, including handling simulated website replacements and ransomware‑tool scenarios, and received praise from Ministry of Welfare Director Pang Yiming for its preparedness.

President Chen Mukuan expressed gratitude to the information department staff for working through the night and to all medical personnel for maintaining patient care during the holiday. He noted that, despite minor inconveniences, the collective effort resulted in no complaints and only mutual support among teams. The emergency department, wards, operating rooms, intensive care units and other clinical areas continued to operate in an orderly fashion, reflecting the hospital’s resilience. Two attending physicians in the emergency department, Zhang Jiakai and Hao Jianjie, observed the chief director visiting the department around 6 a.m. to show concern, and both responded with smiles despite their fatigue. Chief Director Chen Mukuan also delivered strong coffee to the information team early in the morning to encourage their ongoing efforts.
