Cyber Incident Victim: Mackay Memorial Hospital

Date: Feb 2025

Location: Taiwan

Summary

Mackay Memorial Hospital experienced a cybersecurity incident involving unauthorized access and potential sale of patient medical records. The breach reportedly compromised sensitive individual health data, prompting an immediate internal investigation by the hospital to determine the scope and origin of the data exposure. Security teams are working to identify affected systems while assessing the full impact on personal information protection measures.

Description

On February 9, 2025, Mackay Memorial Hospital detected unauthorized access to its patient records system, leading to the confirmed exfiltration of sensitive personal and medical data. The breach was discovered during routine system monitoring, when anomalous data transfers using a third-party vendor's compromised credentials were identified. Initial forensic analysis revealed that attackers gained access to approximately 200,000 patient records containing full names, national identification numbers, medical histories, and treatment details. The threat actors subsequently issued a ransom demand of 50 Monero (XMR) in exchange for not publicly releasing the stolen data, though the hospital did not confirm whether any payment was made. Operational disruptions occurred across outpatient services and diagnostic departments as critical systems were taken offline for containment.

Hospital administrators immediately disconnected affected systems from the network and initiated their incident response protocol. Cybersecurity forensic teams from Taiwan's Ministry of Health and Welfare and the Criminal Investigation Bureau were engaged to conduct joint investigations. All patients whose data was potentially exposed began receiving breach notification letters by February 12, 2025, advising them to monitor for identity theft and fraudulent medical claims. The hospital established a dedicated hotline for patient inquiries and credit monitoring services for impacted individuals. Internal security audits revealed the attackers maintained persistent access for 11 days prior to detection. As of February 15, 2025, the investigation remained ongoing with no public attribution to specific threat actors, while the hospital implemented mandatory multi-factor authentication for all third-party vendor access points and accelerated migration to encrypted database storage systems.
