Read the story in Japanese
OSAKA, Japan — When Dr. Satoshi Fujimi headed to work at Osaka General Medical Center on the morning of Oct. 31, 2022, he thought he would be briefing the hospital’s management on its disaster response plan.
He didn’t know that he would soon be in the thick of an actual disaster at the public hospital.
A ransomware attack.
“I turned on my computer at 7 a.m. and noticed it was slower than usual. We barely managed to print out a list of patients” said Fujimi, the head of emergency services and disaster response.
Less than two hours later, the severity of the problem came to light. The hospital had suffered a crippling ransomware attack that cut off access to its systems for electronic medical records, patient management and internal communications.
“It was shocking,” said Yasuyuki Awakura. The general manager of the administration office, he led the response team handling the cyber-attack. “When I entered the lobby, it was very crowded, and chaotic.”
Yasuyuki Awakura, general manager of Osaka General Medical Center’s administration office, with a screenshot of the ransomware demand received by the hospital. Photo by Noriko Hayashi for Microsoft.
The hospital – one of Osaka’s largest with an average of 1,300 outpatients a day – was forced to suspend outpatient treatment, scheduled operations and emergency admissions. Emergency surgeries and inpatient care at the 865-bed facility continued. But the doctors and nurses had to resort to using paper records of patient information.
“There was a lot of confusion and anxiety in the first week,” said Fujimi.
A week later, after a response team and decision-making structure had been set up, staff members were calmer and more hopeful, he said. It would take more than two months, however, before the hospital could resume normal operations.
The attack sparked change. Two years later, Osaka General partnered with Microsoft to put in place upgraded digital tools across its security systems and work processes.
Security revamp
Investigations traced the source of the malware to an infected server at a third-party vendor, which supplied meals for patients. The hackers then found their way to the hospital’s server via an external link between the vendor and the hospital.
The probe also revealed security flaws at Osaka General.
“The biggest problem we had was that common passwords were used across our servers,” said chief information officer and cardiologist Dr. Takashi Morita. “Because of this, it wasn’t just the attacked server that became encrypted, but also other servers, such as those housing electronic medical records.”
Chief information officer and cardiologist Takashi Morita with the hospital’s on-site servers. The hospital now deploys Microsoft Defender, including Endpoint Detect and Response, to identify threats and block malware. Photo by Noriko Hayashi for Microsoft.
Another mistake, common amongst hospitals in Japan, said Morita, was thinking that the electronic medical records would be shielded from attack because they were in a closed environment isolated from the internet.
The team took immediate steps to secure the servers, setting up unique user IDs and passwords and enabling account locks. But the incident demonstrated a more extensive security revamp was needed.
Dr. Takeshi Shimazu, the hospital’s president, said “we were due to replace our sixth-generation systems anyway by March 2024. But after the ransomware attack, we realized that the same cybersecurity measures wouldn’t be enough. So, we had to decide between adding something new to the seventh-generation system or do a complete overhaul.”
Osaka General, recognized in Newsweek’s 2025 published rankings of leading hospitals, decided to stick with its systems upgrade from an existing vendor. “But we added a Microsoft environment on top of that,” he said.
Secretary general Junta Nakahara (left), president Takeshi Shimazu (center) and director Kazuhiro Iwase (right). In October 2024, the hospital migrated part of its core system to the cloud with Microsoft Azure and began using Microsoft 365 for its work processes. Photo by Noriko Hayashi for Microsoft.
Since October 2024, the hospital has deployed Microsoft Defender, including Endpoint Detect and Response, to identify threats and block malware, and Microsoft Entra ID to control access to its network, both on-premises and in the Microsoft Azure cloud. Staff members use multi factor authentication tools – including security badges, chip readers, facial recognition software, passkeys – to log on from their desk or remotely.
These procedures form part of the hospital’s transition to a zero-trust architecture, so called because the system assumes no one is trusted inside the hospital network and verifies each access request every time. Users only get access to what they need to do their jobs.
Now, the tech team is fastidious about monitoring operating system updates and sending out security patches for the hospital’s 200 servers and 2,300 computers.
“At the time we didn’t understand VPNs or firewalls inside the hospital well,” said Awakura of the administration office. “So, we didn’t realize how important these monitoring systems were.”
The hospital also migrated part of its core system – containing data such as consultation records and prescription orders – and some electronic medical records to the cloud, using Microsoft Azure.
In addition, the hospital began using Microsoft 365 for its work processes.
Both Microsoft Azure and Microsoft 365 have built-in security and privacy features – such as encryption, access controls and audit logs – that enable the hospital to protect sensitive patient data and comply with industry regulations.
“Our staff breathe in the security system just like air, it’s taken for granted. It’s as stable as that,” said Shimazu of these changes.
Making work easier
Moving to a new, more secure technology environment has also made work life easier.
Dr. Haku Tanaka slid into his chair and tapped a white plastic disc against the chip reader on his desk. Within seconds, the camera clipped to his computer monitor whirred to life. His face appeared on the screen. The system recognized him as one of Osaka General’s neurosurgeons, granting him access to the hospital’s network. He clicked on a chat group, and an image of a brain scan popped up.
“Teams and SharePoint allow us to share images while protecting patient confidentiality,” he said. “This has been very helpful.”
He was referring to tools for communication and file storage within the full suite of Microsoft 365 apps currently used by the hospital’s 2,000 employees.
These were rolled out in October 2024, as part of Osaka General’s systems upgrade.
AloJapan.com