The Hillel Yaffe Medical Centre in Hadera, Central Israel was targeted by a ransomware attack that affected its computer systems, the hospital announced on Wed., but is still able to treat patients.
Since the attack, which occurred without any prior warning, the hospital has been using alternative systems while treating patients & has been writing patients’ information down by hand. The hospital is operating as normal, except for elective, non-urgent operations. All critical equipment is working as it should, including CT & MRI scanners.
Cannot be Treated
In the meantime, Laniado Medical Centre in fairly nearby Netanya is prepared to accept patients who cannot be treated at Hillel Yaffe due to the cyber-attack. Hillel Yaffe has asked Magen David Adom (Israeli Red Cross) & the Israeli Health Ministry to bring patients who don’t need urgent care to other hospitals.
The incident has been reported to the ministry & the Israeli National Cyber Directorate & is being handled by the best experts in the field, according to the hospital. The ministry has updated other hospitals about the incident as a preventive measure.
Group Attacked US Hospital Too
The attack was perpetrated by a new group of hackers that is also responsible for an attack on a hospital in the US, The Jerusalem Post’s sister publication, Hebrew language Maariv reported.
Israeli Health Ministry Director-General Prof. Nachman Ash asked hospitals & HMOs to practice maximum alertness amid concerns that there could be further attacks on additional hospitals or clinics, according to N12. Ash also asked that hospitals & HMOs ensure that they have backups that can be used to ensure the continuity of treatment if further attacks take place.
Personal Medical Information
Amit Spitzer, Chief Information Security Officer (CISO) at Cato Networks, stated that the incident “raises questions about the fate of the personal medical information of many patients at the hospital.”
Spitzer stressed that in similar cases, the ransom payment didn’t help, & the information was eventually leaked or deleted permanently.
“The prevailing assumption is that the attack was carried out by a hostile party who wants to harm, and the ransom demand is here only ostensibly,” said Spitzer.
“Ransomware attacks are no longer a localised problem of one organisation or another, but a global scourge that indiscriminately hits critical infrastructure, medical institutes & many businesses around the world,” stated Yossi Rachman, Director of Security Research at Cybereason, in response to the attack.
“When it comes to a targeted attack on hospitals, attackers know to expect a quick response from the attacked organisation, due to delays in performing critical medical processes as well as the fear of leaking sensitive medical information about patients,” he commented.
Cybereason recommends that every organisation adhere to well-proven information security practices, including ensuring software is kept updated, & having clear security procedures & tools for rapid protection & response to information security incidents.
The company recommends not co-operating with the attacks & not paying ransom payments.
The attack is the latest in a long series of cyber-attacks on Israel in recent years.
Iranian Hacker Group
Last week, Cybereason revealed that Mal Kamak, an Iranian state-supported hacker group, was running a highly targeted cyber-espionage operation against global aerospace & telecommunications companies, stealing sensitive information from targets around Israel & the Middle East, as well as in the US, Russia & Europe.
The threat posed by Mal Kamak is still active.
Last month, a hacker group called Deus leaked data it claims it obtained, in a cyber-attack on the Israeli call canter service company Voicenter, from the company’s customers, including 10bis, CM Trading, Mobileye, eToro, Gett & My Heritage. The data leaked so far include security camera & webcam footage, ID cards, photos, WhatsApp messages & emails, as well as recordings of phone calls.
Israel Aerospace Industries
A series of cyber-attacks has troubled Israeli businesses & institutions in the past two years, including Israel Aerospace Industries, the Shirbit Insurance Company & the Amital software company.
The Israeli National Cyber Directorate reported that it handled more than 11,000 inquiries on its 119 hotline in 2020, some 30% more than it handled in 2019. The directorate made about 5,000 requests to entities to handle vulnerabilities exposing them to attacks & was in contact with about 1,400 entities concerning attempted or successful attacks.