The information was shared by Senior Lieutenant Colonel Le Xuan Thuy, Director of the National Cybersecurity Center (A05) under the Ministry of Public Security, at a seminar on TCVN 14423:2025 National Standard held on June 19 in Hanoi.

“No patient wants their private information exposed online. This directly impacts the community. This is not because hospitals are unaware of these risks, but because there are no legal regulations to ensure they address the issue properly,” Thuy said.

Thuy said there has been a notable rise in ransomware attacks targeting systems in the energy, healthcare, and government sectors, as well as media agencies.

In particular, media organizations, which faced only sporadic attacks in previous years, have become targets of organized campaigns recently.

Major Tran Trung Hieu from A05 revealed that in April 2025, A05 detected cyberattacks on three major Vietnamese media agencies. Hackers infiltrated their data systems and stole sensitive documents.

“Once hackers gain access to a system, they can steal data, alter or delete articles, or post malicious content on the outlet’s platform. If hackers succeed, the consequences could be severe,” Hieu said.

Some newspapers use the same platforms provided by technology companies, which often have common security vulnerabilities. As a result, a single attack could affect multiple press agencies.

A05 representatives urged media agencies to prioritize cybersecurity to protect against hacker attacks.

Discussing the risks of information security breaches in journalism, Nguyen Van Han, Deputy Head of the Business Department at VNPT’s Information Security Center, noted that journalists’ work involves frequent use of computers, memory cards, networks, and data storage systems, all of which pose significant cybersecurity risks.

Discussing the risks of information security breaches in journalism, Nguyen Van Han, Deputy Head of the Business Department at VNPT’s Information Security Center, noted that journalists’ work involves frequent use of computers, memory cards, networks, and data storage systems, all of which pose significant cybersecurity risks.

Meanwhile, many software tools for video, photo, or AI-related tasks lack adequate security. Reporters often use free or cracked versions on personal devices, making them highly susceptible to malware infections on computers and smartphones, which can lead to unauthorized access.

Thuy emphasized that the establishment of the TCVN 14423:2025 national cybersecurity standard is a critical step in state management, providing both guidance and protection for critical information systems.

“The standard is not just for auditing. More importantly, it offers guidance to help organizations secure their infrastructure,” Thuy said.

He noted that many organizations, while aware of cybersecurity risks, are unsure where to begin.

Large tech companies like VNPT or MobiFone can draw on global practices, but smaller organizations often lack clear starting points. A clear, Vietnam-specific standard is essential to guide implementation.

“We provide standards based on the most secure practices, but we understand that not every organization can immediately comply fully. It’s like how not everyone can run 5km daily for health. We hope this standard will help organizations mature and strengthen their cybersecurity,” Thuy said.

“We have observed that information systems in Vietnam, despite having standards, have been continuously attacked over the years, from government, energy, and banking to industrial sectors. This shows that current regulations are insufficient,” he said.

TCVN 14423:2025 is the first standard in the system of national standards on cybersecurity developed by the National Cyber ​​Security Center to continue to help agencies and organizations comprehensively deploy cybersecurity measures.

A05 chose to issue standards instead of regulations, which means ‘not mandatory’, in order to create conditions for organizations and businesses to gradually adapt and improve their infrastructure protection capacity.

However, for units with large personal data and a large level of influence in the community, Thuy said that there should be mandatory sanctions.

In addition, A05 is building a roadmap to integrate the Law on Cyber​security and the Law on Information Security, which can restructure the levels of security.

"When an organization is classified as seriously or very seriously affected, the application of standards will be mandatory and there will be specific legal documents," Thuy explained.

The issuance of TCVN 14423:2025 is not only a technical step forward but also demonstrates the role of state management in creating a legal corridor, helping agencies and organizations proactively protect the system, contributing to protecting national sovereignty in cyberspace.

Ha Thuong