Taiwan's 16.6 million patient data leaked! Chinese hacker CrazyHunter hacked into Mackay Memorial Hospital's various campuses, with a ransom amount reaching 1.5 million USD.

A hacker named Crazy Hunter ( has been systematically attacking hospitals across Taiwan since February 2025. The hacker not only paralyzed hospital systems but also uploaded stolen data for sale on the dark web. It is understood that nearly 16.6 million patient records have been leaked, affecting Mackay Memorial Hospital in Taipei, Tamsui, Hsinchu, Taitung, as well as children's hospitals in Taipei and Hsinchu, with the ransom amounting to as much as 1.5 million USD. Subsequently, in April, the Criminal Investigation Bureau announced that the hacker was a 20-year-old man surnamed Luo from Zhejiang Province, China, and it was suspected that these attacks were motivated by financial gain. However, there has yet to be a clear accountability for this massive data breach in Taiwan's healthcare system, leading to societal concerns about who should be held responsible for the security breach.

The excessive centralization of Taiwan's health insurance data and lax permissions may trigger a cybersecurity crisis.

According to a Bloomberg report in 2023, problems such as excessive concentration of data and loose authority of Taiwan's health insurance may trigger a financial security crisis. Since the launch of MediCloud, MediCloud, a cloud-based medical enquiry system implemented by the Health Insurance Department, has accumulated more than 2 billion enquiries, with an average of 1.2 million enquiries per day, and medical staff can even access patients' medical records such as infectious diseases, cancers and mental illnesses.

Chinese hacker CrazyHunter triggers the biggest patient data leak crisis in Taiwan.

Time jumps to February 2025, a Chinese hacker named Crazy Hunter ) infiltrates Mackay Memorial Hospital's Taipei and Tamsui campuses, targeting the AD host with numerous permissions, while packaging ransomware using printer drivers to evade antivirus detection. Ultimately, they successfully penetrate, causing over 600 computers to crash, and all patient files accessed during the process are encrypted, demanding a ransom from the hospital.

This is an attack diagram of CrazyHunter, the image source is from TeamT5 CrazyHunter selling 16.6 million patient personal data from Mackay hospitals on the dark web.

Immediately after, CrazyHunter chose to hack into Changhua Christian Hospital during the holiday on February 28 using the same method, resulting in a brief outage of part of the external appointment system and a slowdown of the charging system. Subsequently, with the help of the information team, normal operations were restored on March 3, and there was no occurrence of any personal data leakage.

However, on the day of 2/28, CrazyHunter put up for sale 16.6 million pieces of patient data covering the hospitals in Taipei, Tamsui, Hsinchu, Taitung, as well as the children's hospitals in Taipei and Hsinchu on the dark web, with a price tag of 100,000 USD.

However, it is understood that CrazyHunter also set up a dedicated website on the dark web on March 12 to disclose relevant personal information, with the affected units spanning 8 sectors including healthcare, academia, and manufacturing, and the ransom amounts ranging from 800,000 to 1,500,000 dollars.

The Ministry of Health and Welfare convened 60 key hospitals across Taiwan to share response guidelines.

After the incident, the Ministry of Health and Welfare designated this event as a series of "systematic attacks" and formulated the "Hospital Ransomware Response Guidelines" to provide hospitals with a set of SOPs for response. They also convened an emergency meeting with 60 key hospitals across Taiwan to share response strategies.

The Criminal Investigation Bureau has identified the main suspect as a 20-year-old cybersecurity employee from China.

According to reports, after more than a month of tracking and investigation by the prosecution, it was discovered that the main suspect of the hacker is a 20-year-old man with the surname Luo from Zhejiang, China, who works for a cybersecurity company in China. Assistance has been requested from the Chinese side for the investigation.

In this regard, Lin Jianlong, director of the Technology Crime Prevention Center of the Criminal Investigation Bureau, stated that this is the first time the police have confirmed the true identity of overseas hackers. However, regarding whether the Chinese public security will cooperate with Taiwan's investigation and prosecution agencies to assist in the investigation, experts indicate that due to political circumstances, it may be somewhat difficult.

Experts urge that before strengthening the legal system, the public should self-protect and be the first line of defense.

In summary, in the face of the CrazyHunter invasion of the healthcare system that has led to the leakage of tens of millions of health insurance personal data, significant vulnerabilities in Taiwan's accountability for information security and institutional response have been exposed.

In this regard, the public should raise their vigilance, regularly check their health insurance data usage records, and be sure to report any suspicious text messages or scam calls to the police. They can also learn how to protect themselves through the Executive Yuan's personal data protection website or private cybersecurity organizations. Until the legal system is strengthened, individuals are the first line of defense.

This article discusses the leak of personal data of 16.6 million patients in Taiwan! Chinese hacker CrazyHunter hacked into various branches of Mackay Memorial Hospital, with a ransom amount reaching 1.5 million USD, first appearing in Chain News ABMedia.