The personal information leak at Seoul National University Hospital (SNUH) two years ago was found to be the work of North Korean hackers.

The National Police Agency's National Office of Investigation has confirmed that a cyber attack orchestrated by North Korean hackers infiltrated the internal network of SNUH through seven domestic and foreign servers in May and June 2021. As a result, the personal information of approximately 830,000 individuals was compromised, including 810,000 patients and 17,000 healthcare providers.

According to the police investigation, it is believed that the North Korean hacking organization orchestrated the cyber attack with the intention of specifically targeting and stealing the information of key personnel who received medical treatment at SNUH.

The police confirmed that the IP address used to access the server during the attack, as well as the IP address laundering technique employed, were consistent with the methods commonly utilized by North Korean hackers.

They also found that information such as user names and emails entered into the server used for the hack were the same as those used by the North Korean hacking organization in the past.

The password for the fake account created by the hacking organization on the internal network of SNUH was also a North Korean phrase meaning "don't touch."

However, there have been no reports of secondary victims, such as stolen data being used to commit other crimes.

While the specific hackers have not yet been identified, police have identified Kimsuky, a North Korean state-backed hacker group, which is known to have hacked into Korea Hydro & Nuclear Power in 2014, as a possible suspect.

"North Korean hacking organizations are expected to continue their attempts to break into major information and communication networks," the National Police Agency said.

The police agency called on users to strengthen their security systems by encrypting important computer data, including personal information.