Are China’s Hospitals Safer from Hackers than the West’s?

A global cyberattack rocked Europe hospitals recently, but China seemed mostly unscathed. Here’s why.

Over 700 hospital servers and computers were affected in China, accounting for 2.4 percent of all infected machines in the country.
Over 700 hospital servers and computers were affected in China, accounting for 2.4 percent of all infected machines in the country. Photo from HindustanTimes

On May 15, the Xinhua News Agency — the Chinese government’s media arm — reported that more than 29,000 organizations in the country had been hit by the computer malware unleashed by hackers in a global cyberattack that held data ransom on infected computers. Xinhua listed hospitals as among the types of organizations struck in the attack.

That made sense, given that many of Europe’s hospitals, including those operated by the U.K.’s National Health Service, had their computers and data laid low in the attack. In addition, many predicted China would be hit especially hard because of the country’s large number of older machines running non-current versions of Microsoft Windows, leaving them especially vulnerable.

But reports from hospitals and healthcare cybersecurity experts in China suggest that the country’s hospitals escaped the sort of widespread and serious damage suffered in Europe. “Strict national information regulation on hospital security helped to prevent a large-scale outbreak,” says Dawei Zhang, a manager at Beijing Security Union IT Company, which provides network security services to government agencies and hospitals in China.

China’s hospitals didn’t escape completely. Just over 700 hospital servers and computers were affected, accounting for 2.4 percent of all infected machines in the country, according to the Threat Intelligence Center of Qihoo 360, a cybersecurity company in China. But most hospitals reported no problems, and most hospital personnel were reporting few or no malware infections. In Shanghai, for example, Hui Li, director of urology at Changhai Hospital, and Ruixue Hou, an anesthetist at Shanghai General Hospital, both say they hadn’t heard of any problems with the malware at their institutions.

Were tight cybersecurity practices really why China’s hospitals were spared? Perhaps to some extent. But the protection didn’t come from state-of-the-art tools and techniques. Rather, notes Zhang, one key factor was the way in which China’s hospitals’ core systems lack broad connectivity to the outside world. Hospitals there usually have computers that connect to the internet, he explains — but those computers are separate from the core systems, and the connections among them are tightly controlled. That sort of arrangement can hinder a hospital’s ability to share data with other hospitals, outside doctors, and patients. But it does offer higher security.

Another saving grace: The timing of the attack. Time-zone differences, the proximity of the weekend, and the coincidental concurrence with a Chinese government summit that had agencies active and in close contact with public institutions, all helped hospitals react in time to avert disaster.

A quickly and widely disseminated alert allowed many hospitals to close their networks down proactively, and internet carriers moved to selectively reduce types of access that appeared to be especially vulnerable. Guohui Feng, director of the Qinyang People’s Hospital, told local media that all servers with outside access, including those running medical care systems, were shut down to prevent infection. Qinyang was among the hospitals that used the shutdown to update and patch their Windows software. The Second People’s Hospital of Hangzhou in Zhejiang Province also closed its network.

These sorts of proactive outages impaired many hospital services — but enabled fending off the malware, for the most part. Even those hospitals that did get hit were prepared to take immediate action to limit the damage. An infected server at the People’s Hospital of Qiantan District in Zigong was quickly quarantined, leaving hospital routines undisturbed, according to the City Information Center.

However, another China-based cybersecurity researcher, who spoke to GHCi only on the condition of anonymity, suggests there may have been more hospitals in the country hit by the malware than have been reported. That’s because some smaller and more rural hospitals tend to have older, pirated versions of Windows that can’t be updated, this expert says, and don’t have the experienced information-technology staff to deal with problems.


Changhong Zhang

Changhong Zhang is a freelance healthcare writer based in Shanghai, China.


Leave a Reply