Read the story in Japanese
OSAKA, Japan — When Dr. Satoshi Fujimi headed to work at Osaka General Medical Center on the morning of Oct. 31, 2022, he thought he would be briefing the hospital’s management on its disaster response plan.
He didn’t know that he would soon be in the thick of an actual disaster at the public hospital.
A ransomware attack.
“I turned on my computer at 7 a.m. and noticed it was slower than usual. We barely managed to print out a list of patients” said Fujimi, the head of emergency services and disaster response.
Less than two hours later, the severity of the problem came to light. The hospital had suffered a crippling ransomware attack that cut off access to its systems for electronic medical records, patient management and internal communications.
“It was shocking,” said Yasuyuki Awakura. The general manager of the administration office, he led the response team handling the cyber-attack. “When I entered the lobby, it was very crowded, and chaotic.”
The hospital – one of Osaka’s largest with an average of 1,300 outpatients a day – was forced to suspend outpatient treatment, scheduled operations and emergency admissions. Emergency surgeries and inpatient care at the 865-bed facility continued. But the doctors and nurses had to resort to using paper records of patient information.
“There was a lot of confusion and anxiety in the first week,” said Fujimi.
A week later, after a response team and decision-making structure had been set up, staff members were calmer and more hopeful, he said. It would take more than two months, however, before the hospital could resume normal operations.
The attack sparked change. Two years later, Osaka General partnered with Microsoft to put in place upgraded digital tools across its security systems and work processes.
Security revamp
Investigations traced the source of the malware to an infected server at a third-party vendor, which supplied meals for patients. The hackers then found their way to the hospital’s server via an external link between the vendor and the hospital.
The probe also revealed security flaws at Osaka General.
“The biggest problem we had was that common passwords were used across our servers,” said chief information officer and cardiologist Dr. Takashi Morita. “Because of this, it wasn’t just the attacked server that became encrypted, but also other servers, such as those housing electronic medical records.”
Another mistake, common amongst hospitals in Japan, said Morita, was thinking that the electronic medical records would be shielded from attack because they were in a closed environment isolated from the internet.
The team took immediate steps to secure the servers, setting up unique user IDs and passwords and enabling account locks. But the incident demonstrated a more extensive security revamp was needed.
Dr. Takeshi Shimazu, the hospital’s president, said “we were due to replace our sixth-generation systems anyway by March 2024. But after the ransomware attack, we realized that the same cybersecurity measures wouldn’t be enough. So, we had to decide between adding something new to the seventh-generation system or do a complete overhaul.”
Osaka General, recognized in Newsweek’s 2025 published rankings of leading hospitals, decided to stick with its systems upgrade from an existing vendor. “But we added a Microsoft environment on top of that,” he said.
Since October 2024, the hospital has deployed Microsoft Defender, including Endpoint Detect and Response, to identify threats and block malware, and Microsoft Entra ID to control access to its network, both on-premises and in the Microsoft Azure cloud. Staff members use multi factor authentication tools – including security badges, chip readers, facial recognition software, passkeys – to log on from their desk or remotely.
These procedures form part of the hospital’s transition to a zero-trust architecture, so called because the system assumes no one is trusted inside the hospital network and verifies each access request every time. Users only get access to what they need to do their jobs.
Now, the tech team is fastidious about monitoring operating system updates and sending out security patches for the hospital’s 200 servers and 2,300 computers.
“At the time we didn’t understand VPNs or firewalls inside the hospital well,” said Awakura of the administration office. “So, we didn’t realize how important these monitoring systems were.”
The hospital also migrated part of its core system – containing data such as consultation records and prescription orders – and some electronic medical records to the cloud, using Microsoft Azure.
In addition, the hospital began using Microsoft 365 for its work processes.
Both Microsoft Azure and Microsoft 365 have built-in security and privacy features – such as encryption, access controls and audit logs – that enable the hospital to protect sensitive patient data and comply with industry regulations.
“Our staff breathe in the security system just like air, it’s taken for granted. It’s as stable as that,” said Shimazu of these changes.
Making work easier
Moving to a new, more secure technology environment has also made work life easier.
Dr. Haku Tanaka slid into his chair and tapped a white plastic disc against the chip reader on his desk. Within seconds, the camera clipped to his computer monitor whirred to life. His face appeared on the screen. The system recognized him as one of Osaka General’s neurosurgeons, granting him access to the hospital’s network. He clicked on a chat group, and an image of a brain scan popped up.
“Teams and SharePoint allow us to share images while protecting patient confidentiality,” he said. “This has been very helpful.”
He was referring to tools for communication and file storage within the full suite of Microsoft 365 apps currently used by the hospital’s 2,000 employees.
These were rolled out in October 2024, as part of Osaka General’s systems upgrade.
According to Tanaka, being able to securely discuss, for instance, a stroke patient’s cerebral bleeding with colleagues across different departments via Teams can make all the difference. Especially for the lone doctor on night shift duty who must decide how best to treat that patient.
“We used to do this via phone calls. Teams is a big improvement and less stressful,” said Tanaka, who has been a neurosurgeon for 11 years. “I believe this hospital is among the most advanced of the other Japanese hospitals I’ve worked at.”
For head nurse Masami Murai, being able to centralize, organize and share information has been a boon for her 1,000-strong team.
They have created chat groups in Teams for different purposes – for example one for head nurses, another for disaster response – making communications more effective and efficient. This is far easier and quicker than what they used to do – track down individual email addresses and draft formal emails.
“Before, it was just top-down communication. Now we have bottom-up communication. And we can combine a variety of opinions to come up with new solutions, sparking the nurses’ ingenuity,” she said.
The nurses also use SharePoint to store and share training videos.
Head of Urology Dr. Tetsuya Takao said he is more effective at work since he began using Microsoft 365.
“Even if I’m at home, I can open a file or document on Teams,” he said. “So my work has become easier.” He observed that he can check on a patient’s condition from wherever he is and that information can be communicated “all at once to everyone.”
Workplace reform, or work-life balance, is a major issue for every health care professional in Japan currently, said Dr. Kazuhiro Iwase, director at Osaka General. “It would be good to use technology to benefit our employees.”
Industry challenges
While productivity gains from technology can help lighten the load in the notoriously overworked health sector, other structural challenges remain.
Japan’s rapidly aging population and low birthrate mean more medical care will be needed, but there will be fewer workers to provide it, said Marc Einstein, research director at technology market research firm Counterpoint Research.
“The Japanese government projected that there was a shortfall of 250,000 healthcare workers this year, and with the median age approaching 50, the situation will likely become worse in time,” he said.
Investment in generative AI that frees workers from routine tasks could ease the strain. But finances at public hospitals like Osaka General are tight, with the fees charged for medical services not keeping pace with rising costs and wages.
The hospital president, Takeshi Shimazu, said that “every Japanese hospital is struggling financially. It’s a big decision how much you can invest in new technology … About 80% of publicly funded hospitals are in the red, so the decision to invest is a tough one.”
Instead, the hospital is focusing its efforts on making the most of what tools they have now, said Junta Nakahara, the hospital’s secretary general. One way is by tapping its younger employees for fresh ideas.
One idea that has taken off came from the Young Members Teams Utilisation Project. It’s a digital patient feedback form, created using Microsoft Forms. Since April 2025, patients can eschew pencil and paper and instead scan a QR code with their phones to access the forms.
“The person in charge of feedback now spends less time reviewing all the responses,” said Kanako Sugita from the management planning division, and one of the team members.
Members of the project are also avid users of Copilot Chat, which comes free with the hospital’s Microsoft 365 contract. It’s a web-based general-purpose AI assistant compared with Microsoft 365 Copilot, which provides more personalized, context-rich responses.
Hinako Akeyoshi asks Copilot Chat to organize opinions aired at meetings, summarize the issues and suggest next steps.
“When I first used Copilot Chat in October 2024, I asked many genera
