by At the beginning of February, the Mackay Memorial Hospital employees tried to access patient files in Taiwan when they noticed a problem. A virus had torn through his computer system, which led to hundreds of computers crash and blocked access to patient files.
It was the work of a 20-year-old Chinese hacker named Lo Chyu, known as “Crazyhunter”, who, according to the police, stole 16.6 million patient files.
Lo called for a ransom of $ 100,000, but when the hospital was rejected, he founded a website on which he published the names of the victims and also threatened their documents.
However, security experts managed to rule out the virus without exchanged money.
Since February, Taiwan has had an increase in the number of cyber attacks against hospitals as well as the local government and the tax offices, with the majority of China.
China claims that Taiwan, as part of his territory, that the government in Taipei firmly rejected, and has threatened to penetrate the island several times.
While Beijing does not yet use full -grown violence, it has used a wide range of “gray zones” measures that fall off against open war, but try to force Taiwan and drag down the country before a possible attack.
In the past three years, Taiwan has made considerable progress in the development of mechanisms to protect itself from Chinese gray -zone attacks, but there are many weaknesses, especially in the cyber space.
“You have no ability to attack our website of the Department of Defense or the website for foreign matters or on the website of the Ministry of Digital Affairs,” said Herming Chiueh, the deputy minister of digital affairs in the country.
“So you have to shift your attack to our weak part, namely hospitals,” he said during an interview in June.
Mr. Chiueh’s rise in the job reflects the rapid growth of the cyber security team in Taiwan and his growing skills.
He took on the role in 2022 – in the same year in which the Ministry was founded – from his work as an engineering professor at a university in Hsinchu, Taiwan’s main technology hub.
In three short years, the cyber security mandate in Taiwan has grown from a team of 20 within the executive to almost 500 people that spread throughout the government because the country is exposed to a rapidly reinforced crisis.
Last year, the island experienced an average of 2.4 million cyber attacks every day -twice as high as in 2023 -with 80 percent governmental authorities.
While the data for the first half of 2025 are not yet available, Chiueh said that the amount had only increased further.
This is partly due to the fact that Taiwan now has more sensors that can recognize the attacks, and partly because China has thrown so many resources into the expansion of his cyber technology and the ability to introduce cyber attacks.
Attacks on hospitals
Hospital networks store some of the most personal information about one person – from family history to detailed reports on diseases, which means that they are presented primarily for an opponent.
The attacks against hospitals, which mainly focus on obtaining personal data, seems to be an attempt to demonstrate his cyber strengths.
They are probably part of China’s multi -stage effort to intimidate Taiwan by highlighting its weaknesses and laying the basics for a potential future invasion.
“The only purpose is to try to humble and show that they have the ability to disturb us as a society,” said Chiueh.
He explained that the hackers often publish the data that they harvest on the dark web as a trophy, similar to what LO had to do with the data of the Mackay Memorial Hospital.
Lennon Chang, expert for cyber security and deputy professor at Deakin University in Australia, said that Chinese hackers could convey the ability of the government to protect its citizens by publishing sensitive information in the online public.
“It could create negative impressions or pictures of managers in Taiwan,” he said.
Hospitals are also an essential part of the resistance of a country during the war. The ability of an opponent to interrupt or make the health network of a goal during an attack could offer them a significant advantage.
“You could try to reveal the weaknesses of these hospitals in such a way that they will be able to hack and switch the system into hospitals in critical times, or to create a chaos,” said Chang.
Seven “cyber armies”
Taiwan has traced most of his cyber attacks to China, and the Ministry of Digital Affairs suspects that the Communist Party of the Chinese Communists is behind many, although the exact share is unknown.
Mr. Chiueh explained that China had seven “cyber armies” – two of them concentrate exclusively on Taiwan, while in contrast to the United States.
In April last year, China founded the Cyberspace Force of the People’s Liberation Army – the latest iteration of a military unit by Cyber Warfare, which is operated in the secret to maintain the “national cyber sovereignty”.
Mr. Chiueh said: “If you compare cyber attacks with the US and Taiwan federal governments, our government will receive seven times the number of attacks.”
The monthly cyber security report by the Ministry of Digital April found that the most common type of attack was the information collection, followed by intrusion, which was mainly accessed to systems.
A kind of intrusive attack that the Ministry has followed, the DDOS attacks (Distributed Denial of Service) are flooding with traffic to close them.
These attacks have increased six times in the past three years, with a remarkable increase after Nancy Pelosi’s visit to Taiwan in August 2022 as a spokesman for the US representative house.
Ms. Pelosi was the first high -ranking official to visit Taiwan for 25 years. China saw the visit as a sign of the support of the USA for the island and reacted with a wave of Grey zone tactics that so far.
“There is a pattern with DDOS attacks. The attack begins at 9 a.m., then there will be a lunch break from 12 p.m. to 1 a.m., then the attacker will end around 5,” said Chiueh. “The working hours are in the same time zone as we are.”
Taiwan has also thought of the IP addresses of many hacks on compromised devices that are known to be connected to the Chinese military.
The types of information that aims in many cyber attacks also indicate that the Chinese government is responsible.
Chinese hackers used “very highly developed social engineering” such as Phishing software to address the personal devices of “specific government officials” and “many intel to collect these people,” said Chiueh.
“The reason why you have to collect data is to attack our critical infrastructure or use the information you collect to spread disinformation or misinformation. Both are the behavior of an enemy enemy,” said Chiueh.
Underwater weak spots
While cyber security for Taipei remains a focus, another emerging threat to gray zones is the country’s underwater and boat cable.
Taiwan relies on 24 underwater cables – 14 international and 10 domestic – 99 percent of its internet traffic.
These cables are usually buried at least a few meters under the seabed to protect them, but Chinese ships continue to find ways to train them.
Since 2019 there have been dozens of incidents in which Chinese ships were involved – often fishing or freight boats – that have destroyed the cables and cut internet access to entire islands.
In 2023, two boats cut off the cables that make the Internet available for Taiwan in Matsu Island and combine 12,000 inhabitants for almost two months without connection.
Beijing has routinely refused any responsibility for these incidents and claims that they are either accidents or that the damage was caused by natural expression.
Mr. Chiueh said that the likelihood of an attack against Taiwan underwater cable is higher today than that of a large cyber attack, since “the costs are much higher than rent a few boats to shorten our underwater cables”.
Taiwan took measures to prevent any kind of destruction. In 2023, after the Matsu incident, Taiwan changed his telecommunications law to criminalize underwater cable attacks with a punishment of one to seven years in prison and a fine of up to NTD $ 10 million (£ 250,000).
Last week, Taiwan condemned a Chinese boat captain to three years in prison because he had damaged an underwater cable that connects the main island of Taiwan with the remote Penghu Islands.
However, a stronger punitive measure is not the only way Taiwan reacted to China’s growing pressure – the island has also improved its own resilience and deterrent skills.
Mr. Chiueh said that the two cables after Matsu were damaged again at the beginning of this year due to natural causes, but instead of waiting for six weeks, the residents were almost immediately online because new microwave backups were installed on the island.
Taiwan’s ability to prevent cyber attacks also improves. While the number of attacks increased this year, there were fewer violations compared to the previous year.
However, experts warn that the country still has a way. Mr. Chang said that China would start a comprehensive cyber attack tomorrow, Taiwan would “definitely be in great difficulty”.
“Taiwan has built up a good capacity in cyber resistance in recent years, but areas still have to be addressed,” added Mr. Chang.
