Taiwan Issues Warrant for Chinese Hacker After Hospital Data Breach

Authorities Identify and Pursue Suspect in Cyberattack Targeting MacKay Memorial Hospital

Taiwanese authorities have identified a Chinese national, Lo Chengyu (羅政宇), residing in China's Zhejiang Province, as the individual responsible for the cyberattack on MacKay Memorial Hospital. The Criminal Investigation Bureau announced yesterday that Lo illegally accessed the hospital's systems and attempted to sell patients' personal information after a failed ransom attempt.

The bureau forwarded the case to the Taipei District Prosecutors’ Office and issued a wanted notice for Lo. He is accused of violating articles 346, 359 and 360 of the Criminal Code and the Personal Data Protection Act (個人資料保護法).

This marks the first time Taiwanese authorities have identified a Chinese hacker. The attack occurred on February 6th, with the ransomware uploaded by Lo, who used the pseudonym Crazyhunter, according to the bureau’s High-Tech Crime Center Director-General Rufus Lin (林建隆).

Lo demanded a ransom of US$100,000, which MacKay Memorial Hospital refused. Following the denial, the hacker put the personal information of approximately 16.6 million hospital patients up for sale on February 28th, prompting the hospital to report the hacking to the Taipei City Police Department’s Zhongshan Precinct, said Lin.

The investigation, conducted jointly by the Taipei City Police Department’s Criminal Investigation Division and the center, revealed that 11 establishments were targeted in similar cybercrime cases within the past two months. The malware coding and methods employed were consistent across these incidents, according to Lin.

Investigators traced the Internet protocols to Lo, a 20-year-old resident of Zhejiang working at an Internet security firm. The hacker demanded between US$800,000 and US$2.5 million from all targeted establishments, and it is believed he received at least US$1 million in illegal proceeds, the bureau stated.

The bureau further asserted that Lo's actions undermined Taiwan’s social order and his ransom demand constituted a psychological threat to the Taiwanese public.