Utsunomiya Central Clinic in Japan experienced a ransomware attack on February 10, 2025, leading to potential exposure of personal and medical information of up to 300,000 individuals. The clinic immediately took precautionary measures by disconnecting its servers from both internal and external networks, which resulted in a temporary suspension of medical consultations and health checkup services. Although financial details such as bank accounts and credit card information were not compromised, the breach still affected sensitive patient and staff data.
The compromised information includes personal details such as names, dates of birth, addresses, phone numbers, email addresses, and medical records.
The clinic has reported that no misuse of the exposed data has been confirmed so far. It has been working closely with external investigative agencies, including the police, to address the issue and prevent further breaches. The clinic has also taken steps to secure its data management system and strengthen its cybersecurity protocols.
As the investigation continues, Utsunomiya Central Clinic has assured the public that they are fully committed to restoring their internal systems and resuming normal operations as soon as possible. The clinic is collaborating with data protection authorities, including Japan’s Personal Information Protection Commission and the Ministry of Health, Labor, and Welfare, to improve its information security practices. The clinic has also warned the public to be cautious of suspicious communications, including fraudulent emails or phone calls, that might arise from the breach.
To support the affected individuals, the clinic has opened a hotline for inquiries. However, it has warned that there may be delays due to the high volume of calls expected. The clinic has also emphasized that they are taking all necessary steps to mitigate future risks and restore full services to their patients and staff.
Reference:
