China's $50 Billion Medical Cybersecurity Sector: Trends and Innovations Revealed Through Analysis of 50 Domestic Companies

Apr 24, 2020 08:00 CST Updated 08:00

In the first quarter of 2020, the healthcare information security industry continued the robust momentum seen in 2019.

 

On the capital front, the momentum of financing for companies in the information security sector remains strong, with two companies completing their B+ round of financing, each raising over 100 million yuan; on the policy front, regulators have also been actively exerting efforts, such as the Cryptography Law that officially came into effect on January 1st and the Notice on Strengthening Information Technology Support for the Prevention and Control of Novel Coronavirus Pneumonia issued by the General Office of the National Health Commission on February 5th, which provide legal safeguards for information network security; meanwhile, there is no shortage of latecomers in the market.

 

What is driving the surge in attention toward healthcare information security? What challenges exist in its development? What are the likely future trends? Addressing these questions, VCBeat has reviewed the current state of healthcare information security in China, along with corresponding countermeasures, market size, and key participants.

 

“Persistent Challenges” in the Healthcare Industry

 

During the COVID-19 pandemic, some hacker groups used “COVID-19” as a lure to launch cyberattacks against the computer systems of medical institutions and healthcare workers, aiming to extort money and steal information. Data breaches are a common security issue in the information age, prevalent across most industries; yet incidents of data theft continue to persist despite repeated prohibitions.


In early May 2019, Charles River Laboratories, the largest preclinical CRO company in the United States, reported that approximately 1% of its customer data had been stolen. In a similar incident, on the last day of that month, Quest Diagnostics, a global leader in clinical diagnostics, announced that nearly 12 million patients’ financial, medical, and personal information had been compromised due to a cyberattack.


On July 31, 2019, the Security Research Institute of the China Academy of Information and Communications Technology (CAICT) and Tencent Smart Security jointly released the “2019 Cybersecurity Observation Report for the Health and Medical Industry.” The report stated that the cybersecurity risks facing the health and medical industry are mainly concentrated in three major areas:

 

First, the risk of malicious programs such as botnets, Trojans, and worms, represented by ransomware. Among the 15,339 healthcare-related entities in the observational sample, 1,029 were found to be infected with malicious programs such as "Jiangmuwu" (botnets, Trojans, and worms), including 136 entities affected by ransomware. These malicious programs can lead to disruptive consequences, including large-scale cyber fraud, data breaches, and paralysis of medical information systems.

 

The "AIDS Information Trojan," which emerged in 1989, is widely regarded as the earliest form of ransomware. This Trojan hid multiple directories on the disk and encrypted all file names on the C drive, rendering the system unbootable. A message displayed on the screen claimed that the user’s software license had expired and demanded a payment of $189 by mail to unlock the system.

 

China's first ransomware was the Redplus ransomware Trojan, which emerged in 2006. This Trojan hid users' documents and then displayed pop-up windows demanding ransoms ranging from 70 to 200 yuan.

 

Ransomware is a prevalent type of Trojan horse that disrupts the normal use of users' data assets or computing resources by harassing, intimidating, or even hijacking user files, and then extorts money from users under these conditions. Its primary propagation methods include exploiting software vulnerabilities, brute-forcing weak RDP passwords, phishing emails, and drive-by downloads via compromised websites.

 

Ransomware of this kind encrypts files using various encryption algorithms and then demands a ransom from the file owners. If the infected party refuses to pay the ransom, they will not obtain the private key needed for decryption and will be unable to recover their files.

 

Ransomware remains a prevalent security threat. To target large enterprises and organizations, ransomware operators continuously develop new variants, leading to an escalating risk to the security of corporate confidential files and data.

 

Second, the risk of big data breaches caused by security vulnerabilities. Among the observed samples, 6,446 entities had application service ports (such as database services, FTP services, and printer services) exposed to the public internet. Of these, 375 entities used extremely weak passwords for their application services, allowing attackers to easily gain control over these services via the public internet. This vulnerability could lead to security incidents involving the malicious compromise of application services on a large scale and significant leaks of health and medical data.

 

Third, the risk of website tampering. Observations of the samples revealed that 4,546 institutional websites had security vulnerabilities, among which 261 had records of malicious tampering. Websites in the healthcare sector, along with government and educational institution websites, are primary targets for attacks by foreign entities, with website defacement techniques being highly varied.

 

Cyberattacks on healthcare systems are also a relatively common type of medical information security incident. Legal Daily reported that in 2017, the medical service information system of a certain Chinese ministry was hacked, resulting in the leakage of over 700 million citizen records and the illegal sale of more than 80 million citizen records. Around the same time, a large-scale data breach involving public privacy information also occurred on the other side of the Pacific Ocean.

 

U.S. Medical Device Company Patient Home Monitoring Suffers Data Breach, Exposing 47.5 GB of Data. A breach of medical data storage records at the U.S. medical device company Patient Home Monitoring has resulted in the leakage of 47.5 GB of data, including up to 315,000 PDF files. The compromised information involves the personal basic information, physician and medical case records, and blood test results of nearly 150,000 patients.


On July 26, 2018, the U.S. National Counterintelligence and Security Center released a report stating that hackers were particularly “interested” in “biological materials, biopharmaceuticals, and new vaccines and drugs,” and showed strong “intent” to obtain information on advanced medical devices, infectious disease treatments, and genetically modified organisms. Meanwhile, biotechnology was also listed as one of the major targets of cyberattacks.


Zhong Yiming, Deputy General Manager of the Healthcare Division at Sangfor Technologies, analyzed potential data security risks from the perspective of the data’s full lifecycle:


[Figure: potential data security risks across the full data lifecycle]


Although medical data breaches in China have been less visible to the public, undercurrents are stirring beneath the calm surface.


The Epidemic Is a Major Test for the Medical Network System

 

During the pandemic, healthcare institutions, as the front line of the “fight against the epidemic,” faced severe security threats and challenges in cyberspace. Data shows that many cyberattacks on hospitals during this period leveraged coronavirus-related hot topics, using phishing software, malicious links, and other methods to induce targets to open, download, and execute malicious files. Once a computer was compromised, the malware would move laterally across the network, infecting additional machines.

 

According to monitoring data from WebRAY Security, since early 2020, the daily volume of webshell attacks in some pandemic-affected areas has reached 1.04 million, with nearly 6,000 effective attacks. This represents a 5 percentage point increase in average daily attack traffic and a 15 percentage point rise in the number of effective attacks compared to 2019. Meanwhile, there have been continuous reports of multiple medical institutions falling victim to ransomware.

 

Why Do Hackers “Love” Medical Data?

 

First, medical data is “too valuable.” With advancements in technology, the application of artificial intelligence and big data in the healthcare sector is becoming increasingly widespread. The quality and security of medical big data play a crucial role in the development of medicine. The nature of medical practices themselves ensures the authenticity of medical data. Because medical data contains sensitive information such as patients’ names, ages, residential addresses, phone numbers, medical histories, and bank account details, it holds significant financial value, making it a prime target for malicious hackers.

 

Second, medical data has extensive coverage. He Ping, Director of the Medical Alliance Center at Shanghai Shenkang Hospital Development Center, stated in an interview that from a micro perspective, medical information includes data on individual patients’ disease conditions and omics; from a macro perspective, it encompasses data on disease transmission, the incidence and progression of regional epidemics, and the health status of regional populations. Therefore, the secure use of medical data is crucial to social stability and national security.

 

Third, medical devices with outdated operating systems also serve as a key entry point for cyber attackers. Many medical devices are of high quality and have long operational lifespans, with some guaranteed to function for over a decade. However, this longevity can lead hospitals to “forget” their presence. Outdated operating systems in these devices create security vulnerabilities, providing cyberattackers with opportunities for exploitation. Peering through these “vulnerabilities” into the inner workings of medical devices, attackers do not see components or circuit boards, but rather vaults brimming with money.

 

In addition to the aforementioned internal factors, terrorist organizations, hacker groups, cybercriminal syndicates involved in the black market economy, and extreme individuals may also launch cyberattacks for personal or vested interests.

 

According to the "2020 Digital Healthcare: Research Report on Cybersecurity Risks During Epidemic Prevention and Control" released by the Security Research Division of the China Academy of Information and Communications Technology (CAICT), brute-force attacks against medical service authentication remained severe during the epidemic, with hackers launching up to 800,000 such attacks against the healthcare industry in a single day at their peak.

 

During this epidemic, the cybersecurity risks faced by the healthcare sector include:

 

Security Threats from External Third-Party Organizations. To facilitate access to other branches of the hospital network, the operating systems used by medical devices store many different types of sensitive information. Zhong Yiming stated that external organizations connected to a healthcare facility are generally considered trusted entities, such as higher-level administrative authorities, peer hospitals, and subordinate units. However, from the perspective of cyberattacks, the networks of these external organizations fall outside the security scope manageable by the hospital itself and should therefore be regarded as untrusted networks. Consequently, hospitals must strengthen their protective measures accordingly.

 

According to an analysis by Tencent Smart Security’s Yujian Threat Intelligence Center, third-party medical service platforms accessed by numerous Grade III hospitals in China have been found to contain severe logical vulnerabilities. These platforms aggregate medical resources from hundreds of large Grade III hospitals across multiple provinces and municipalities nationwide; if compromised by malicious hackers, all hospitals on the platforms would be affected.

 

Mobile healthcare products also carry hidden risks. According to data from the Qianzhan Research Institute, the overall industry size is expected to surpass RMB 50 billion in 2020. Users primarily utilize mobile health apps to search for relevant information, consult with physicians, schedule appointments, learn about health maintenance, and manage chronic diseases.

 

The primary security risks facing mobile health apps include decompilation and cracking, such as attacks on system keyboards and input methods, local data breaches, Wi-Fi phishing, network eavesdropping, debugging attacks, and memory attacks. These vulnerabilities can lead to the theft and leakage of users' private personal information. Consequently, patients' basic information, social security numbers, transaction records, electronic medical records, and diagnostic and treatment data have become important avenues for criminals to illicitly profit. Furthermore, these apps also face challenges in regulatory oversight.

 

Recently, during the “Clean Net 2020” special campaign, the National Computer Virus Emergency Response Center conducted internet monitoring and discovered that more than 20 mobile applications were suspected of violating privacy regulations. These violations included failing to clearly disclose all requested privacy permissions to users, not providing explanations on the rules for collecting and using personal information, and lacking effective functions for correcting or deleting personal information and canceling user accounts.

 

New Technologies, New Risks. The application of cloud computing in areas such as medical data storage and management has facilitated the digital and centralized transformation of medical data and information systems. However, it has also exacerbated information security issues, increasing the risks of platform failures, business interruptions, and data loss. The application of big data technology contributes to more efficient and rational analysis, utilization, and predictive early warning of medical data; yet, data centralization makes these repositories prime targets for hackers, with privacy breaches and data leaks becoming increasingly prominent. While the Internet of Things (IoT) is widely adopted in the healthcare industry, the exploitation of security vulnerabilities in IoT devices can lead to eavesdropping or interception of information, resulting in severe and immeasurable consequences.

 

Cai Yi, Director of Solutions at Meichuang Technology, stated that during the pandemic, health codes were used nationwide for movement authorization. These codes contained extensive personal sensitive information with high individual data value. Where is such data stored? “Is it centrally managed by technology companies or by the National Data Management Center?” Regulatory authorities must also pay close attention to potential violations during this process, such as data breaches and misuse.

 

Taking Jiangsu Province as an example, prior to the launch of the “Su Kang Ma” (Jiangsu Health Code), which is mutually recognized across the province, the 13 prefecture-level cities in Jiangsu each adopted their own health codes that were valid only within their respective jurisdictions. For instance, Suzhou used the “Su Cheng Ma,” Nanjing used “Ning Gui Lai,” Nantong used “Yi Lai Tong,” and Suqian used the “Su Kang Ma.” Before the provincial “Su Kang Ma” was introduced, residents had to apply for a new health code whenever they traveled to a different city. This not only imposed unnecessary burdens on citizens but also resulted in fragmented data across various cities, leading to low utility, difficulties in data preservation, and heightened risks of data leakage.

 

Cybersecurity Protection: The State Has Been Taking Action


Classified Protection of Information Security is a widely adopted international practice that safeguards information and its carriers according to their respective levels of importance. To provide guidance for information security efforts across different sectors, relevant Chinese authorities and experts have initiated research tailored to the actual conditions of China’s information landscape.

 

Implementation Process of China’s Classified Protection of Information Security (Data sourced from the internet; graphic by VCBeat)

 

In 1994, the State Council officially issued the Regulations of the People’s Republic of China on the Security Protection of Computer Information Systems, introducing for the first time the concept of classified protection of information security. Over the subsequent decade, China successively promulgated a series of policies and regulations.

The Policy Development History of Classified Protection for Information Security (Data sourced from the internet; graphic by VCBeat)

 

On November 10, 2000, the National Development and Reform Commission (NDRC) launched the industrialization project titled “Development of a Classified Evaluation and Certification System for Computer Information System Security Protection and Construction of an Internet Electronic Identity Authentication Management and Security Protection Platform” (the “1110 Project”). The project was successfully accepted on July 18, 2008, resulting in the formulation of more than 20 standards related to classified protection of information security, thereby laying the foundation for further improvement of China’s information security standard system.

 

From 2004 to 2006, the Ministry of Public Security, in conjunction with four other ministries and commissions, conducted baseline surveys and pilot programs for classified protection involving 65,117 entities and a total of 115,319 information systems, laying the foundation for the comprehensive implementation of classified protection work.

 

In 2007, following the successive issuance of two policies by four government departments, a special nationwide teleconference was held on July 20 to deploy the work of classifying security protection levels for key information systems. This meeting marked the official implementation of the Multi-Level Protection Scheme (MLPS) for information security.

 

In the history of China’s information and network security development, 2016 was a highly significant milestone. That year, the Cybersecurity Law was enacted, elevating the Multi-Level Protection Scheme (MLPS) to the legal level and marking the entry of MLPS into its 2.0 phase.

 

MLPS 2.0 is more than a version update of the “MLPS 1.0” standards.

 

AsiaInfo Security believes that during the era of Classified Protection 1.0, data constituted the core component of security construction under the Classified Protection regime, with its requirements primarily categorized under the clauses “Technical Requirements – Data Security and Backup/Recovery,” “Technical Requirements – Application Security,” and “Technical Requirements – Host Security.”

 

In May 2019, the Chinese government released the "Multi-Level Protection Scheme (MLPS) 2.0 Standards," which came into effect on December 1, 2019. These standards introduce new security requirements for emerging technologies such as cloud computing, the Internet of Things (IoT), mobile internet, industrial control systems, and big data. Furthermore, the legal basis has been elevated from State Council Decree No. 147 under the MLPS 1.0 framework to the Cybersecurity Law of the People's Republic of China.

 

In the era of MLPS 2.0, the state has strengthened the protection of personal information by introducing the concept of unauthorized access, prohibiting the access to and use of personal user data without authorized account operations. “MLPS 2.0 provides more explicit protections for personal information.” AsiaInfo Security believes this represents another transformation brought about by MLPS 2.0 to medical data security.

 

“Entering the era of MLPS 2.0, regulatory authorities have imposed higher security compliance requirements on cloud computing, big data, the Internet of Things (IoT), and mobile technologies. Similarly, information security in the healthcare industry has seen many new focal points and directions for protection,” said Han Weidong, Executive Vice President of WebRAY Security, citing examples. Under the framework of MLPS 2.0, information security efforts in the healthcare sector place greater emphasis on data integrity and confidentiality, specifically addressing issues and challenges related to personal information protection, secure data transmission and storage, and the management of mobile applications and IoT devices. Overall, MLPS 2.0 sets higher and more granular requirements for cybersecurity in the healthcare industry, while also opening up broader opportunities for the application of emerging technologies.

 

In addition to the data security requirements under Classified Protection 2.0, the National Health Commission’s 2018 Administrative Measures for Standards, Security, and Services of National Health and Medical Big Data (Trial) also mandates that platforms hosting health and medical big data must comply with the Classified Protection scheme (without specifying a particular level). As hospitals adopting big data technologies are predominantly Grade A Tertiary hospitals, they generally implement Level 3 Classified Protection. Consequently, data security in healthcare institutions has become increasingly critical.


These Measures are also widely regarded as a detailed implementation of the Cybersecurity Law within the healthcare industry.

 

In May 2019, the State Administration for Market Regulation and the Standardization Administration of China officially released the national standards series on Classified Protection of Cybersecurity. The issuance of these standards provides important guidance for safeguarding and promoting the development of informatization in the healthcare industry, as well as for enhancing the cybersecurity protection capabilities of medical institutions.


On January 1, 2020, China’s first law in the field of cryptography, the Cryptography Law, officially came into effect, enabling patients, hospitals, and medical enterprises to use commercial cryptography to protect network and information security in accordance with the law.

 

On February 5, 2020, the National Health Commission issued the "Notice on Strengthening Information Technology Support for the Prevention and Control of Novel Coronavirus Pneumonia." The notice specifically emphasized: "Strengthen cybersecurity, with a focus on preventing cyberattacks, viruses, tampering, system paralysis, and data breaches; ensure smooth channels for information collection and dissemination; guarantee standardized data usage; effectively protect personal privacy; guard against sudden cybersecurity incidents; and provide reliable support for epidemic prevention and control efforts."

 

“Information security is the foundation for the successful digital transformation of healthcare platforms.” Han Weidong, Executive Vice President of WebRAY Security, believes that the sudden outbreak of the pandemic has forced the industry to accelerate business upgrades and substantive changes in healthcare digitalization. These changes include the top-down restructuring of the overall disease control and prevention system with the integration of new technologies, the accelerated construction of unified healthcare digital platforms, the establishment of smart healthcare empowered by internet technologies, and the further improvement of public health management and emergency response systems across society.


The Showdown Between Information Security Professionals and Malicious Hackers


The lack of cybersecurity protection in the healthcare industry both domestically and internationally has led to rapid growth in the related market size. According to a survey by Global Market Insights, the global healthcare cybersecurity market was valued at $8.2 billion in 2018 and is projected to grow at a compound annual growth rate (CAGR) of 19.1% through 2025.

 

According to data from relevant institutions, the scale of China’s ICT market in the healthcare industry exceeded RMB 40 billion in 2019, with cybersecurity accounting for approximately 10%. Han Weidong, Executive Vice President of WebRAY Security, predicts that despite budget tightening across various sectors due to the pandemic, the market size and cybersecurity investment in China’s healthcare industry will still see a certain degree of growth in 2020.

 

VCBeat’s previous article, “Analysis of 2019 Healthcare IT Bidding Data: Highest Bid Amount Approaches RMB 120 Million, with Tertiary Hospitals Accounting for 60% of Demand,” noted that among public medical institutions’ procurement activities in 2019, information security projects ranked second in number among all IT procurement items, totaling 459 projects and accounting for 11.4%, surpassed only by hospital-side informatization initiatives.

 

In 2016, the National Health Commission released the “Evaluation Methods for the Accreditation Standards of Tertiary General Hospitals (2016 Edition) (Full Version),” which reaffirmed that core business systems of tertiary hospitals must achieve Level 3 certification under the Classified Protection of Cybersecurity Multi-Level Protection Scheme (MLPS) to meet the cybersecurity requirements stipulated in the accreditation standards. This marked the first time that mandatory information security requirements were imposed on tertiary hospitals.

 

By 2018, the National Health Commission’s “Administrative Measures for Standards, Security, and Services of National Health and Medical Big Data (Trial)” stipulated that platforms hosting health and medical big data must comply with the Classified Protection of Cybersecurity. Since hospitals that generally adopt big data technologies are predominantly Grade A tertiary hospitals, their compliance assessments primarily focus on Level 3 evaluation. Meanwhile, the “Administrative Measures for Internet Hospitals (Trial)” also requires that platforms supporting internet hospitals must pass the Level 3 assessment of the Classified Protection of Cybersecurity.

 

The Cybersecurity Law also mandates that failure to pass the MLPS 2.0 assessment constitutes a legal violation. As a result, many Tier II hospitals that had not yet passed the assessment rushed to procure information security projects within the year to meet the requirements of the new MLPS evaluation. Driven by strong policy incentives, demand for information security solutions among healthcare institutions that have not yet complied with the new standards has naturally surged.

 

VCBeat Analysis: With the launch of performance assessments for secondary hospitals across China in 2020, and the strain on medical resources observed during the COVID-19 pandemic, the informatization process of secondary hospitals is likely to accelerate in 2020.

 

As the pandemic response continues, a decline in the efficiency of production and business operations across China is inevitable, which will impact project bidding and subsequent delivery. Zhong Yiming, Deputy General Manager of Sangfor Technologies’ Healthcare Division, believes that from the perspective of short-term business performance, the cybersecurity industry will inevitably be significantly affected. However, in the digital era, the development of smart cities is an overarching trend, and their construction will increase demand for IT infrastructure. Consequently, this will also drive up overall demand for cybersecurity solutions. In the medium to long term, the industry as a whole will remain on an upward trajectory.

 

Cai Yi, Director of Solutions at Meichuang Technology, stated that the market size for hospital information network security will only continue to grow. Influenced by the pandemic, awareness regarding the protection of personal privacy and data will gradually strengthen. The pandemic has also accelerated digital transformation in the healthcare industry, such as the development of internet hospitals, the construction of medical consortia, and the overall digital transformation of hospitals. This has expedited data interconnectivity and sharing, meaning that scenarios involving data flow will increase dramatically. As the pace of digital transformation in the healthcare industry quickens, hospital investment in informatization will also rise, leading to a corresponding increase in the proportion allocated to information security infrastructure. Furthermore, the application of new technologies will create new security markets.

 

In March 2020, the professional consulting firm specializing in enterprise information security, “Aqniu,” released the “2020 China Cybersecurity Industry Landscape.” This landscape is categorized into 16 primary security domains (with 15 actually included) and 100 secondary sub-domains (with 88 actually included). VCBeat has compiled the details as follows:

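[Table image: the “2020 China Cybersecurity Industry Landscape” security domains and sub-domains, compiled by VCBeat]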

 

Every niche segment in the table above has its share of pioneers. Leveraging their respective strengths, technology professionals are tackling information security challenges and addressing vulnerabilities across numerous—even dozens of—specialized security domains. On this basis, VCBeat has compiled a list of 46 information security companies whose business offerings include cybersecurity solutions for the healthcare industry:

[Table images: VCBeat's list of information security companies offering cybersecurity solutions for the healthcare industry]


As can be seen from the table, financing activities in the information security sector remained frequent in 2019, a year dubbed the “capital winter.”

 

Anxin Wangdun, Bangbang Security, and Lianchuang Technology have successively completed financing rounds. DPtech and DBAPPSecurity have listed on the ChiNext Board and the STAR Market, respectively. Guan’an secured over RMB 100 million in its Series B+ financing round in the first quarter, setting a positive tone for this sector, while Qi An Xin completed a RMB 1.5 billion Pre-IPO financing round in September.

 

The first quarter of 2020 has passed, and companies in the information security sector have delivered impressive performance. On one hand, financing momentum remains strong: SkyGuard and Zhizhangyi both secured hundred-million-yuan Series B+ funding rounds, while Tongfudun followed closely by completing an equity financing round. On the other hand, in response to cybercriminals exploiting cybersecurity vulnerabilities during the pandemic, information security firms launched emergency support initiatives, actively providing equipment, personnel, and technical assistance.

 

Meichuang Technology, leveraging its capabilities in data security and data governance, announced that from February 4 until the state declares an end to the epidemic, it will provide enterprises across various industries with free product services—including anti-ransomware solutions, database auditing, integrated operations and maintenance appliances, and data masking—as well as remote services for database operations and maintenance and server security.

 

During the pandemic, AsiaInfo Security swiftly launched an emergency aid operation for Wuhan, establishing an expert support team in the city at the earliest opportunity to provide cybersecurity assurance for Wuhan Huoshenshan Hospital. Additionally, two project teams from AsiaInfo Security, responsible for the national “Internet + Supervision” platform and the unified identity authentication system of the National Government Service Platform, provided on-site technical support and operational maintenance. Notably, the national “Internet + Supervision” platform, tasked with pandemic analysis, urgently deployed a pandemic analysis system within just five days.

 

During the COVID-19 pandemic, the Wuhan Municipal Government launched the “Wuhan Mayor’s Hotline,” offering public access to exclusive epidemic-response services such as online consultations and an intelligent epidemic assistant. The average daily number of hotline interactions surged from 5,000 to over 10,000. Deployed on China Telecom’s Tianyi Cloud, the “Wuhan Mayor’s Hotline” benefited from Sangfor Technologies’ collaboration with Tianyi Cloud, which provided reliable and stable vSSL VPN services to fully support frontline epidemic prevention and control efforts.

 

To address unknown vulnerability attacks, Qi An Xin released the industry’s first third-generation security engine, “Tiangou,” in January 2020. In March, WebRay launched free services for its WebRAY Beacon monitoring and early warning platform, resources from its cyberspace mapping platform, and a ransomware security solution tailored for the healthcare sector (the Sentinel Solution), helping healthcare users win the “contactless” cyber battle against the epidemic.

 

In fact, during the pandemic, the accompanying cyber threats posed a severe test to all industries. No enterprise in the field of information security remained on the sidelines; instead, each leveraged its core competencies to fight against the darkness amidst the gloom of the pandemic.

 

Resolving External Threats, Eliminating Internal Worries


Cai Yi, Director of Solutions at Meichuang Technology, believes that with the growing attention on new infrastructure and data becoming the fifth major factor of market production—following land, labor, capital, and technology—the unique status and value of data are driving the industry to reexamine data security issues. “Therefore, the primary concern is security architecture. As traditional network boundaries become blurred and disappear, we need to evolve our security architecture from a new perspective.”


Meichuang Technology first defines a clear protection objective—data—and approaches data security from three perspectives: assets, intrusion, and risk, thereby implementing robust data security safeguards. This strategy addresses external threats such as hacker attacks, ransomware, and social engineering, while also mitigating internal risks to data security arising from factors such as software developers and users with elevated privileges.


Major internal threats to hospitals may include insiders stealing sensitive data driven by financial gain, and the leakage of sensitive information due to lost BYOD (Bring Your Own Device) devices. Drawing on years of experience serving the healthcare industry, AsiaInfo Security recommends that hospitals implement top-down data governance, establishing a rigorous and controllable security framework spanning from data collection to secondary use.


This conclusion is supported by data. The 2018 “Protected Health Information Data Breach Report” released by Verizon indicated that 57.5% of data breaches experienced by surveyed healthcare providers were caused by insiders, while only 42% were attributable to external attackers. Although external attacks can be prevented through technical measures, insider threats remain notoriously difficult to guard against.


Han Weidong, Executive Vice President of WebRAY Security, stated that compared to other industries, the healthcare sector still lacks sufficient attention and emphasis on information security, exhibits weak risk awareness, and suffers from inadequate regulatory oversight. The industry as a whole lacks a comprehensive security framework and a complete, mature set of procedural systems, including emergency response mechanisms. This is particularly evident in primary and secondary healthcare institutions, which, due to their inability to assign dedicated personnel to specific roles, face significant gaps in systematic development and professional technical support.


The most vulnerable point of a city wall is not its exterior, but its interior. The same holds true for cybersecurity. Zhong Yiming, Deputy General Manager of Sangfor’s Healthcare Division, likens the cybersecurity awareness of internal personnel to the most critical plank in the “wooden bucket” that represents an organization’s cybersecurity posture. “Its length determines the ultimate level of cybersecurity an organization can achieve.”


Therefore, strengthening cybersecurity awareness training for personnel and implementing cybersecurity management systems constitute a critical yet often overlooked component of cybersecurity protection initiatives.


We extend our gratitude to the following guests for accepting our interviews and providing relevant information (listed in no particular order): colleagues from AsiaInfo Security; Zhong Yiming, Deputy General Manager of the Healthcare Division at Sangfor Technologies; Cai Yi, Director of Solutions at Meichuang Technology; and Han Weidong, Executive Vice President of WebRAY Security.

