Vietnam

 A developing country (not either poor or rich country, Vietnam is a

middle-income country)
 In 2022, Vietnam’s gross domestic product (GDP) amounted to
around 406.45 billion U.S. dollars (rank 37th in 2022), and is
expected to increase to 657.28 billion international dollars by
2028.
 Government and society
+ socialist republic of Vietnam (full name) (1980)
+ an elected president and a council of ministers
 Hanoi’s 1988 pronouncement that Vietnam should have “fewer
enemies and more friends”
 Lay the foundation for foreign exchanges, expansion of
internation trades, boost economic growth
 Allies: Russia (main supplier of military hardware)
+ Hanoi continued its tradition of strong military links with
Moscow instead of the US
 Enemies:
+ the US, China, France, Cambodia, Thailand (former foes)
+ territorial dispute has damaged relations between Vietnam and
China (South China sea)
+ Vietnam has remained distant to joint military exercises with the
US unlike Philippines
+ Currently, Vietnam has no enemies, has shifted to a
multidirectional foreign policy that places greater emphasis on
cultivating friends and engaging with the internation community 1

1
Mechanisms of Vietnam’s multidirectional foreign policy (Nicholas Chapman) (August 2017)
 Vietnam cybersecurity in healthcare industry
A. Historical context
The expansion of ICTs and increased Internet penetration have raised
concerns about cybercrime (Symantec, 2018). The ability to defend
against cyber-attacks in Vietnam is still evaluated as weak, especially in
the event of persistent cyber-attacks (Ministry of Public security 2017)
The Vietnam Computer Emergency Response Team (VNCERT)
recorded over 200.000 cyberattacks from 2010 to 2018
July, 2021, the Government activated an information technology
platform to support vaccination with an electronic health book app. And,
to handle all situations related to technology solutions and ensure
network security, the Ministry of ICT has set up the national Technology
Centre for COVID-19 Prevention and Control with key members
available 24/7
Yeo Siang Tiong, general manager for Southeast Asia at cybersecurity
company Kaspersky, said: “The pandemic has showed the important role
of e-government and digital transformation in the health sector in
particular. Digitalization in healthcare is being implemented extensively
in Việt Nam and it is a welcome approach to help the nation and its
people in this difficult time.
B. Current situation
Vietnam’s digital economy has experienced remarkable growth,
projected to exceed US $43 billion by 2025, Vietnam, has
enthusiastically fostered the intergation of medical technology into
healthcare practices.
Still with a lack of strategy on health cybersecurity and weakened
regulatory oversight of the ICT sector, Vietnam will likely to face an
increase in cyber threats and sophisticated attacks.
In 2019, The Vietnam's Ministry of Health (MoH) approved an EMR
deployment plan, resulting in the initial deployment of EMRs in many
localities
Hospital management information systems have been implemented in all
hospitals across the country, and the interconnectivity with the
healthcare insurance payment verification system has reached an
impressive 99.5%. As of July 2023, over 40 health facilities have fully
replaced paper medical records with EMRs.
However, in 2020 iSofH - a Vietnamese company that provides
healthcare information management solutions has been found that one of
their cloud servers was left publicly exposed without encryption or
password protection. One could access 12 million patient records
through it, with no difficulties. The records included full names and
dates of birth, postal and email addresses, phone numbers, passport
details, credit card numbers, medical records, and recent test results and
diagnoses. Three days after the discovery, the channel was attacked by
the meow bot that deleted some information. The company did not take
it seriously, even though this data can be used for phishing campaigns,
identity theft, or more sophisticated attacks.
 In Vietnam, the Vietnam National Cybersecurity Centre (NCSC)
recorded 1,383 cyberattacks in the first month of 2022, a steep increase
of 10,29% from December 2021
C. Past actions
In recent years, the Vietnam government had issued numerous
regulations in its effort to strengthen the local cybersecurity landscape,
including:

 Directive No.22/CT-BTTT issued in May 2021 by the Ministry of

Information and Communications focused on strengthening the
prevention and combat of law violations and crimes on the
Internet.
 Decision 1907/QD-TTg issued in 2020 which approves the
Ministry of Information and Communications raise awareness and
disseminate knowledge about information security for 2021-2025.
 Prime Minister’s Directive No.14/CT-TT in June 2019 enhanced
safety measures on cybersecurity of the public sector whereby at
least cybersecurity spend must account for 10% of an
organization’s total annual IT expenditure in 2020-2025.

These efforts have yielded positive results given in 2020, Vietnam

ranked 25th out of 194 countries in Global Cybersecurity Index (GCI)
which is a significant improvement from 2018 when Vietnam was placed
in the 50th positions
The Ministry of Information and Communications has decided to
establish the Viet Nam Cybersecurity Emergency Response Teams/
Coordination Center (VNCERT/CC) according to Directive 1671/QD-
BTTT (1/11/2019). It is tasked for coordinating the responses to security
incidents and verifying information security nationwide; monitoring and
operating related data systems, databases, and technical systems in
accordance with the law.
the Third Draft of the Cybersecurity Administrative Sanctions
Decree (hereinafter referred to as the “Draft CASD”) scheduled to come
into effect on December 1, 2023, It marks a crucial milestone in
Vietnam’s commitment to fortify its cybersecurity framework and
safeguard personal data.

The Draft CASD introduces a revised set of violations concerning

cybersecurity and data privacy regulations. Additionally, it supersedes
specific provisions found in the current Decree 15/2020/ND-
CP and Decree 14/2022/ND-CP, which pertain to administrative
penalties related to postal services, telecommunications, radio
frequencies, information technology, and electronic transactions.

D. Bloc positions

Similar to some developing countries like Mexico, Indonesia, etc,

Vietnam still suffered from a lack of tangible framework, lack of
policies to develop the widespread use of ICT, lack of trained personnel
and specialized infrastructure in cybersecurity

There still exists inconsistencies between healthcare data and patients’

rights to confidentiality and privacy in cybersecurity regulations.
Based on an analysis conducted by ATKearney shows that first, ASEAN
countries, especially Indonesia, Malaysia, and Vietnam, are at risk of
becoming the main targets of blockade of suspicious web activity. This is
mainly because the awareness of corporations or stakeholders is still minimal
because it has not been a business priority regarding the dangers posed by weak
cybersecurity, However, with the advent of Covid-19 pandemic, cybersecurity has
become one of the priorities of leaders in ASEAN region. ASEAN has taken action
by introducing the ASEAN Charter, which is binding to provide legal status and
institutional framework of multilateral cooperation to compile values and
regulations to set targets for ASEAN to present accountability and fulfillment.
ASEAN also, specializes in addressing transnational and cross-border crime issues.

E. Solutions
stakeholders, especially critical IT systems, should improve capacity while
strengthening coordination with specialized information security forces.
allocate resources and budgets for monitoring, supervision, and incident
response processes. (particularly to implement intrusion detection and
prevention systems such as NIST in Nigeria)
The authorities need to heighten public awareness about the importance of
cybersecurity through launching multimedia campaigns about general
information of cyberattack and publicizing the threats and damages of
cybercrimes.
Healthcare organizations provide security guidance to their staff and broaden
their cybersecurity-related knowledge
Authorities within healthcare sector can assess the efficiency of current
national policies and legislation to detect flaws and make necessary changes
so as to further facilitate them.
Analyze carefully cases of cybercrimes to develop multi-level incident
response frameworks regarding each region’s resources and infrastructure
(hence effectively preventing further damage.)
Maintain sustainable channels of communication about the secure usage and
control of cybernetworks in healthcare affairs among international partners
Report any incidents of cyber criminals happening in Member State’s
channels to the WHO to promotes timely identification of emerging threats,
quickly minimizing the impacts.

In Vietnam, the healthcare industry has suffered substantially from cyberattacks due to a
lack of a comprehensive stance on health cybersecurity and weakened regulatory
oversight of the ICT sector. The Vietnam National Cybersecurity Centre has recorded a
year-on-year increase in cases of cybercrimes. Still, in recent years, the governments have
issued numerous regulations and established the Vietnam Cybersecurity emergency
response teams/ Coordination center (VNCERT/CC) and the Third Draft of the
Cybersecurity Administrative Sanctions Decree (Draft CASD) to fortify its cybersecurity
framework and safeguard personal data