Key Takeaways

  • In June 2024, hackers advertised 112,000 patient and medical staff records from Hanoi's Hong Ngoc General Hospital on dark web markets
  • Data included patient diagnoses, treatment histories, staff credentials, and administrative records
  • Healthcare cybersecurity in Vietnam is significantly underfunded relative to the sector's digital transformation pace
  • Vietnam ranked among ASEAN's top 6 most cyberattacked nations in 2023-2024 alongside Thailand, Philippines, Singapore, Indonesia and Malaysia
  • AI is being used to generate fake medical platforms to harvest Vietnamese patient data at scale

The Facts

On dark web forums popular with data brokers and identity thieves, a listing appeared in June 2024 offering what the seller described as a comprehensive dump of records from Hong Ngoc General Hospital in Hanoi — one of Vietnam's largest private hospital groups. The dataset, covering 112,000 patients and medical staff, included names, identification numbers, diagnosis records, treatment histories, contact information, and internal staff credentials.

The medical record category is among the most valuable on dark web markets — consistently commanding higher prices than financial records because medical data enables a broader range of fraud: medical identity theft (using someone else's insurance for treatment), targeted phishing using personal health details, and blackmail leveraging sensitive diagnoses.

Hong Ngoc is not a small or obscure institution. The hospital group operates multiple facilities in Hanoi, serving both Vietnamese nationals and expatriates, and has been actively marketing health tourism services to regional visitors. The breach affected both domestic patients and international visitors — expanding its potential fraud surface beyond Vietnam.

Vietnam's Positive Technologies-tracked incident data placed the country among the six most cyberattacked ASEAN nations in the 2023-2024 period, with 67% of all recorded incidents concentrated in 2024.

Technical Deep-Dive

Healthcare data breach methodology typically follows a consistent pattern. Electronic Health Record (EHR) systems — the databases storing patient medical histories — are valuable, networked, and often protected with security controls that lag the sophistication of enterprise IT environments. In many Vietnamese private hospitals, EHR implementations proceeded rapidly during the 2020-2023 digitisation wave without proportional investment in security.

Web-facing patient portals — for appointment booking, test result access, and telemedicine — represent the most common initial access vector. Vulnerabilities in portal authentication (weak passwords, no MFA, unpatched web application flaws) provide attackers with entry to the systems behind the portal.

From the portal, lateral movement to the core EHR database is often enabled by overprivileged application accounts — service accounts that have database read/write permissions broader than their specific function requires. A compromised portal application account with full database access enables bulk data extraction in minutes.

The ASEAN Perspective

Vietnam's healthcare sector is in a technology transition that creates a widening security gap. The government's digital health strategy — pushing electronic health records, telemedicine, and integrated national health databases — is accelerating data centralisation faster than security controls are being built. Centralised data is efficient to access and equally efficient to steal.

Comparable risks exist across ASEAN's healthcare sector. Indonesia's national health insurance database (BPJS Kesehatan) suffered a massive breach in 2021. The Philippines' PhilHealth system was attacked by Medusa ransomware in 2023, exposing 13 million records. Thailand's public hospitals have faced documented intrusion attempts.

For patients across ASEAN, the practical advice is to monitor for unexpected use of medical insurance benefits, be sceptical of health-related phishing using personal health details, and use separate strong passwords for all healthcare portal accounts.

RECATOOLS Verdict

The commodification of patient data — sold openly on dark web markets at price points accessible to low-sophistication buyers — reflects the market maturation of healthcare data theft as a criminal business. The Hong Ngoc breach is one documented example in a pattern of systematic healthcare targeting across ASEAN that will continue as long as EHR security investment lags EHR adoption speed.

Sources

  • ESCP International Politics Society — Southeast Asia Cyber Threats November 2025
  • IBM 2024 Cost of a Data Breach Report
  • Positive Technologies ASEAN Cyberthreats Analysis 2023-2024

FAQ

What data was stolen from Hong Ngoc Hospital? 112,000 patient and staff records including diagnoses, treatment histories, identification numbers, contact information, and internal staff credentials.

Why is medical data valuable on dark web markets? Medical records enable medical identity theft, targeted phishing using personal health details, and blackmail — commanding higher prices than financial records.

Is Vietnam a major cyberattack target? Yes — Vietnam ranks among ASEAN's six most cyberattacked nations, with attacks concentrated in the healthcare, government, and financial sectors.

What can Vietnamese hospital patients do? Monitor for unexpected insurance claims, use unique strong passwords for all healthcare portals, and be alert to phishing using personal health information.

How are EHR systems typically breached? Through vulnerable web-facing patient portals with weak authentication, followed by lateral movement to EHR databases via overprivileged application accounts.