После масштабной атаки программ-вымогателей больница в Осаке обеспечивает кибербезопасность и более плавные рабочие процессы

Прочтите эту историю на японском языке

ОСАКА, Япония. Когда доктор Сатоши Фудзими направлялся на работу в Главный медицинский центр Осаки утром 31 октября 2022 года, он думал, что будет информировать руководство больницы о плане реагирования на стихийные бедствия.

Он не знал, что вскоре окажется в центре настоящей катастрофы в государственной больнице.

Атака программы-вымогателя.

"Я включил свой компьютер в 7 утра и заметил, что он работает медленнее, чем обычно. Мы едва успели распечатать список пациентов", - сказал Фуджими, глава службы экстренной помощи и реагирования на стихийные бедствия.

Менее чем через два часа стала очевидна серьезность проблемы. Больница подверглась масштабной атаке программы-вымогателя, которая перекрыла доступ к ее системам электронных медицинских записей, ведения пациентов и внутренней коммуникации.

"Это было шокирующе", - сказал Ясуюки Авакура. Генеральный менеджер административного отдела, он возглавлял группу реагирования на кибератаку. "Когда я вошел в вестибюль, там было очень многолюдно и царил хаос".

Больница – одна из крупнейших в Осаке, принимающая в среднем 1300 амбулаторных пациентов в день – была вынуждена приостановить амбулаторное лечение, плановые операции и экстренную госпитализацию. Неотложные операции и стационарное лечение в учреждении на 865 коек продолжались. Но врачам и медсестрам пришлось прибегнуть к использованию бумажных носителей информации о пациентах.

"В первую неделю было много путаницы и беспокойства", - сказал Фуджими.

Неделю спустя, после того как была создана группа реагирования и структура, ответственная за принятие решений, сотрудники были спокойны и полны надежд, сказал он. Однако потребовалось более двух месяцев, прежде чем больница смогла возобновить нормальную работу.

Нападение привело к переменам. Два года спустя Osaka General в партнерстве с Microsoft внедрила обновленные цифровые инструменты в свои системы безопасности и рабочие процессы.

В ходе расследования было установлено, что источником вредоносного ПО был зараженный сервер стороннего поставщика, который поставлял питание для пациентов. Затем хакеры проникли на сервер больницы по внешнему каналу связи между поставщиком и больницей.

Проверка также выявила недостатки в системе безопасности больницы Osaka General.

"Самая большая проблема, с которой мы столкнулись, заключалась в том, что на наших серверах использовались общие пароли", - сказал директор по информационным технологиям и кардиолог доктор Такаши Морита. "Из-за этого шифровался не только атакованный сервер, но и другие серверы, например, те, на которых хранятся электронные медицинские записи".

По словам Мориты, еще одна ошибка, распространенная среди больниц Японии, заключалась в том, что они думали, что электронные медицинские карты будут защищены от атак, потому что они находятся в закрытой среде, изолированной от Интернета.

The team took immediate steps to secure the servers, setting up unique user IDs and passwords and enabling account locks. But the incident demonstrated a more extensive security revamp was needed.

Dr. Takeshi Shimazu, the hospital’s president, said "we were due to replace our sixth-generation systems anyway by March 2024. But after the ransomware attack, we realized that the same cybersecurity measures wouldn’t be enough. So, we had to decide between adding something new to the seventh-generation system or do a complete overhaul."

Osaka General, recognized in Newsweek’s 2025 published rankings of leading hospitals, decided to stick with its systems upgrade from an existing vendor. "But we added a Microsoft environment on top of that," he said.

Since October 2024, the hospital has deployed Microsoft Defender, including Endpoint Detect and Response, to identify threats and block malware, and Microsoft Entra ID to control access to its network, both on-premises and in the Microsoft Azure cloud. Staff members use multi factor authentication tools – including security badges, chip readers, facial recognition software, passkeys – to log on from their desk or remotely.

These procedures form part of the hospital’s transition to a zero-trust architecture, so called because the system assumes no one is trusted inside the hospital network and verifies each access request every time. Users only get access to what they need to do their jobs.

Now, the tech team is fastidious about monitoring operating system updates and sending out security patches for the hospital’s 200 servers and 2,300 computers.

"At the time we didn’t understand VPNs or firewalls inside the hospital well," said Awakura of the administration office. "So, we didn’t realize how important these monitoring systems were."

The hospital also migrated part of its core system – containing data such as consultation records and prescription orders – and some electronic medical records to the cloud, using Microsoft Azure.

In addition, the hospital began using Microsoft 365 for its work processes.

Both Microsoft Azure and Microsoft 365 have built-in security and privacy features – such as encryption, access controls and audit logs – that enable the hospital to protect sensitive patient data and comply with industry regulations.

"Our staff breathe in the security system just like air, it’s taken for granted. It’s as stable as that," said Shimazu of these changes.

Moving to a new, more secure technology environment has also made work life easier.

Dr. Haku Tanaka slid into his chair and tapped a white plastic disc against the chip reader on his desk. Within seconds, the camera clipped to his computer monitor whirred to life. His face appeared on the screen. The system recognized him as one of Osaka General’s neurosurgeons, granting him access to the hospital’s network. He clicked on a chat group, and an image of a brain scan popped up.

"Teams and SharePoint allow us to share images while protecting patient confidentiality," he said. "This has been very helpful."

He was referring to tools for communication and file storage within the full suite of Microsoft 365 apps currently used by the hospital’s 2,000 employees.

These were rolled out in October 2024, as part of Osaka General’s systems upgrade.

While productivity gains from technology can help lighten the load in the notoriously overworked health sector, other structural challenges remain.

Japan’s rapidly aging population and low birthrate mean more medical care will be needed, but there will be fewer workers to provide it, said Marc Einstein, research director at technology market research firm Counterpoint Research.

"The Japanese government projected that there was a shortfall of 250,000 healthcare workers this year, and with the median age approaching 50, the situation will likely become worse in time," he said.

Investment in generative AI that frees workers from routine tasks could ease the strain. But finances at public hospitals like Osaka General are tight, with the fees charged for medical services not keeping pace with rising costs and wages.

The hospital president, Takeshi Shimazu, said that "every Japanese hospital is struggling financially. It’s a big decision how much you can invest in new technology … About 80% of publicly funded hospitals are in the red, so the decision to invest is a tough one."

Instead, the hospital is focusing its efforts on making the most of what tools they have now, said Junta Nakahara, the hospital’s secretary general. One way is by tapping its younger employees for fresh ideas.

One idea that has taken off came from the Young Members Teams Utilisation Project. It’s a digital patient feedback form, created using Microsoft Forms. Since April 2025, patients can eschew pencil and paper and instead scan a QR code with their phones to access the forms.

"The person in charge of feedback now spends less time reviewing all the responses," said Kanako Sugita from the management planning division, and one of the team members.

Members of the project are also avid users of Copilot Chat, which comes free with the hospital’s Microsoft 365 contract. It’s a web-based general-purpose AI assistant compared with Microsoft 365 Copilot, which provides more personalized, context-rich responses.

Hinako Akeyoshi asks Copilot Chat to organize opinions aired at meetings, summarize the issues and suggest next steps.

"When I first used Copilot Chat in October 2024, I asked many general questions, and it took a long time to get the answer I needed. One year on, the scope of the questions has narrowed, and the process has become shorter. I trained the AI, and I developed the AI," she joked.

Nurses too, have been using Copilot Chat, to transcribe and summarize conversations or check their work for missing information.

"We created an evaluation sheet for newcomers and asked Copilot Chat if we had left anything out," said assistant head nurse Yoko Kamei.

They would like to see more AI assistance in future, especially for administrative tasks.

"I spend many hours manually checking the nurses’ duty roster to make sure we have the right combination of skills on each shift," said assistant head nurse Toshie Konaka. "It’s cumbersome work."

Noting Osaka General’s "proactive approach to cybersecurity," Einstein from Counterpoint Research said the addition of AI tools on top of that will enhance security and productivity going forward.

For now, Osaka General is quietly confident that it has emerged from the cyber-attack with a strengthened security framework and improved work processes. It also has seasoned professionals who know what to do if hackers strike again.

"We should always be prepared to establish an organization structure and give each individual a role that’s easy for them to understand and execute," said disaster response head Fujimi. "When people know what they are supposed to do, they can be calm and do it properly."

Top Image: Dr. Satoshi Fujimi in front of the Osaka General Medical Center. The hospital has emerged from the cyber-attack with a strengthened security framework and improved work processes. Photo by Toru Hanai for Microsoft.

According to Tanaka, being able to securely discuss, for instance, a stroke patient’s cerebral bleeding with colleagues across different departments via Teams can make all the difference. Especially for the lone doctor on night shift duty who must decide how best to treat that patient.

"We used to do this via phone calls. Teams is a big improvement and less stressful," said Tanaka, who has been a neurosurgeon for 11 years. "I believe this hospital is among the most advanced of the other Japanese hospitals I’ve worked at."

For head nurse Masami Murai, being able to centralize, organize and share information has been a boon for her 1,000-strong team.

They have created chat groups in Teams for different purposes – for example one for head nurses, another for disaster response – making communications more effective and efficient. This is far easier and quicker than what they used to do – track down individual email addresses and draft formal emails.

"Before, it was just top-down communication. Now we have bottom-up communication. And we can combine a variety of opinions to come up with new solutions, sparking the nurses’ ingenuity," she said.

The nurses also use SharePoint to store and share training videos.

Head of Urology Dr. Tetsuya Takao said he is more effective at work since he began using Microsoft 365.

"Even if I’m at home, I can open a file or document on Teams," he said. "So my work has become easier." He observed that he can check on a patient’s condition from wherever he is and that information can be communicated "all at once to everyone."

Workplace reform, or work-life balance, is a major issue for every health care professional in Japan currently, said Dr. Kazuhiro Iwase, director at Osaka General. "It would be good to use technology to benefit our employees."