FB pixel

NEC admits password complacency in Japan hospital patient data breach

NEC admits password complacency in Japan hospital patient data breach
 

A ransomware attack last year which led to disruptions in the digital medical records system of the Osaka General Medical Center in Japan for around two months was caused by the use of the same ID and password across the hospital’s medical records system.

NEC, the company that supplied the system back in 2018, has admitted that it was complacent on data security and would reconsider its approach and take “fundamental security measures.”

Details about the cyberattack were disclosed by a team of investigators that was dispatched by the Japanese government to unravel the details of the incident, reports Japanese daily, The Asahi Shimbun (TAS).

The ransomware attack, which happened in October last year, affected the emergency and outpatient care system on the digital patient records platform.

It emerged from the findings that about 2,000 of the hospital’s staff members used the same password with user IDs based on a consistent pattern to access the hospital’s computers.

The system also used chipped employee ID cards for authentication, and is described by a security professional in the report as “cosmetic.”

This, per the investigators, made it possible for hackers to get hold of the login details and access data on some of the computers where they encrypted it and asked for ransom, the publication recounts.

The probe disclosed that once the hackers got access to the system, they introduced a virus on the digital medical records server which then spread to other connected computers which were accessed using the same login details.

NEC reportedly told the outlet that it thought using the same ID and password would not pose any major cyberattack risks as it considered the hospital network system close and secure enough.

But in the wake of the incident, the company’s Director of Medical Solutions Division Seiichiro Nakajima admitted that they were “overconfident” in the way they built the Osaka hospital digital records management system.

NEC officials also told TAS that it did not install an anti-virus system on four of the servers that handle the core aspects of the digital records system, making it vulnerable to virus attacks.

In the meantime, the outlet mentions that a NEC finding last year revealed around 280 hospitals in Japan use a similar records system and each of about half of the number of hospitals uses the same login ID and password to access their computer system, which poses risk of cyberattacks.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Growth of digital wallet use shaking up payment regulations and benefits delivery

Digital wallets are transforming online, offline and cross-border payments around the world, prompting calls for regulatory change in Australis and…

 

Sardine nets $70M in Series C funding for automated fraud prevention platform

Sardine, a startup that employs machine learning for fraud prevention, compliance and credit underwriting, has announced a $70 million Series…

 

Indonesia aims to boost digital ID uptake in bid for greater efficiency

Indonesia is digitizing its civil registration services in a bid for greater efficiency as the country’s citizens enjoy improved convenience…

 

Ondato’s biometric age verification joins NIST leaderboard

Ondato has joined the U.S. National Institute of Standards and Technology evaluation of age assurance algorithms in the latest update…

 

Digital identity strengthens super wallets, transforming India’s DPI

India’s digital transformation has been accelerated by its digital public infrastructure (DPI), a framework that enables seamless digital services through…

 

AU petitioned over legal ID discrimination suffered by Kenyan minority group

Legal representatives of a human rights group, Nubian Rights Forum (NRF), have submitted a petition to the African Union (AU)…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events