This information was presented by Senior Lieutenant Colonel Le Xuan Thuy, Director of the National Cybersecurity Center (A05) under the Ministry of Public Security, during a seminar on the TCVN 14423:2025 National Standard held on June 19 in Hanoi.
“Patients do not want their confidential data to be leaked online, as this can have serious repercussions for society. Hospitals are aware of these risks, yet the absence of legal framework hampers their ability to address the issue adequately,” Thuy remarked.
Thuy highlighted a significant increase in ransomware incidents targeting the energy, healthcare, government sectors, and media entities.
Notably, media outlets, which previously experienced only isolated attacks, are now facing organized efforts from cybercriminals.
Major Tran Trung Hieu from A05 reported that in April 2025, three prominent Vietnamese media organizations were targeted by cyberattacks. Hackers successfully breached their systems and extracted sensitive documents.
Some news organizations utilize similar platforms provided by tech companies, which may have shared security flaws. Consequently, a single breach could impact multiple media agencies.
Representatives from A05 urged media organizations to focus on enhancing their cybersecurity measures to fend off potential hacker intrusions.
Addressing the dangers associated with cybersecurity breaches in journalism, Nguyen Van Han, Deputy Head of the Business Department at VNPT’s Information Security Center, pointed out that journalists frequently rely on computers, memory cards, networks, and data storage solutions, all of which present considerable cybersecurity challenges.
Many software tools used by reporters for video, photo, or AI-related purposes often lack proper security measures. They frequently resort to free or pirated versions on personal devices, which significantly increases the risk of malware infections on computers and smartphones, leading to unauthorized access.
Thuy stressed that the launch of the TCVN 14423:2025 national cybersecurity standard is a pivotal advancement in state governance, providing crucial guidance and safeguarding critical information systems.
“The standard is not merely for compliance checks; rather, it serves to guide organizations in securing their infrastructure effectively,” Thuy explained.
He acknowledged that while many entities recognize the risks associated with cybersecurity, they often lack direction on how to proceed.
While large tech companies like VNPT and MobiFone are able to leverage global best practices, smaller entities frequently do not have a clear starting framework. A defined, locally relevant standard is vital for effective implementation.
“We present standards grounded in the safest practices, but we understand that not all organizations can comply instantly. It’s comparable to how not everyone can run 5 kilometers daily for health purposes. Our aim is for this standard to assist organizations in evolving and bolstering their cybersecurity efforts,” Thuy noted.
“Despite having standards in place, we have noticed that information systems in Vietnam continue to face attacks across various sectors, including government, energy, banking, and industry. This indicates a gap in the existing regulations,” he added.
The TCVN 14423:2025 represents the first cybersecurity standard established by the National Cybersecurity Center, aimed at enabling agencies and organizations to implement comprehensive cybersecurity measures.
A05 chose to establish these standards rather than enforce mandatory regulations, allowing organizations and businesses to gradually enhance their protective capacities.
However, for entities with significant personal data and considerable influence in the community, Thuy emphasized that mandatory penalties should be enforced.
Furthermore, A05 is working on a roadmap to integrate the Cybersecurity Law with the Information Security Law, which aims to refine security levels.
“In cases where an organization is deemed seriously or very seriously affected, adherence to the standards will become compulsory alongside explicit legal documents,” Thuy elaborated.
The introduction of TCVN 14423:2025 not only signifies a technological leap but also highlights the crucial role of state governance in establishing a legal framework that aids agencies and organizations in proactively safeguarding their systems, thereby contributing to the protection of national sovereignty in cyberspace.