China’s New Front: Hospital Cyber-Raids Aim to Intimidate Taiwan
Taiwan’s health sector is reeling from a surge of ransomware and data-theft operations that officials say originate inside mainland China, part of an intensifying “grey-zone” campaign designed to unsettle the island without firing a shot.
From one breach to an island-wide onslaught
The crisis erupted in February when ransomware dubbed “Crazy Hunter” crippled more than 500 computers at Taipei’s MacKay Memorial Hospital and siphoned off an estimated 16.6 million patient records. The 20-year-old attacker, Lo Cheng-yu (“Crazyhunter”), demanded US $100 000 and published victims’ names after the hospital refused to pay.
Although government responders cleansed the network, the incident proved a harbinger. Since then, hospitals, tax offices and local governments have logged a sharp rise in intrusion attempts, the vast majority traced to Chinese IP space.
Beijing’s “humiliation” playbook
Taiwan’s deputy minister of digital affairs Herming Chiueh says hackers linked to Beijing have shifted away from hardened ministries toward “soft targets” rich in personal data, hoping to shake public confidence and showcase China’s reach.
Security analysts add that hospital dossiers—containing medical histories, family contacts and insurance details—offer espionage value now and a sabotage vector should armed conflict erupt.
Attack volume still climbing
Official telemetry recorded 2.4 million cyber strikes per day against Taiwanese government systems in 2024, double the previous year; roughly four-fifths originated in China. Early-2025 readings suggest the curve is still rising as Beijing pours resources into its newly formed PLA Cyberspace Force.
Distributed-denial-of-service (DDoS) floods remain the most visible tactic. Logs show bursts starting at 9 a.m., pausing for lunch, and ending at 5 p.m.—mirroring working hours on the mainland. Intrusion attempts, however, focus on credential theft and covert data exfiltration.
Patching the digital triage unit
In response to the MacKay breach, Taipei issued tighter cybersecurity rules for hospitals and ramped up audits across public clinics. The Ministry of Digital Affairs has ballooned from a 20-person task force in 2022 to nearly 500 cyber defenders embedded across agencies, yet officials concede that legacy IT and tight budgets still leave gaps.
Submarine cables—the lifelines that carry 99 percent of Taiwan’s internet traffic—pose another weak point. Chinese fishing vessels have repeatedly severed lines to outlying islands, prompting Taipei to criminalise cable tampering and install microwave back-ups.
A test of resilience
Researchers warn the hospital blitz is only one strand of a wider coercion strategy that also includes disinformation campaigns on social media. While Taiwan’s detection rates are improving, experts say a concerted, full-spectrum cyber offensive could still paralyse critical services.
For now, the island races to inoculate its weakest networks before the next wave hits—aware that in grey-zone conflict, the battle for hearts, minds and medical records may precede any contest for territory itself.
Photo Credit: DepositPhotos.com