Israeli hospital targeted by ransomware attack

Hillel Yaffe Medical Center has been targeted by a ransomware attack, but is still able to treat patients.

Projection of cyber code on hooded man (llustrative) (photo credit: REUTERS/KACPER PEMPEL/ILLUSTRATION TPX IMAGES OF THE DAY)
Projection of cyber code on hooded man (llustrative)

The Hillel Yaffe Medical Center in Hadera was targeted by a ransomware attack that affected its computer systems, the hospital announced on Wednesday.

Since the attack, which occurred without any prior warning, the hospital has been using alternate systems while treating patients, and has been writing patients’ information down by hand. The hospital is operating as normal, except for elective, nonurgent operations. All critical equipment is working as it should, including CT and MRI scanners.

In the meantime, Laniado Medical Center in Netanya is prepared to accept patients who cannot be treated at Hillel Yaffe due to the cyberattack. Hillel Yaffe has asked Magen David Adom and the Health Ministry to bring patients who don’t need urgent care to other hospitals.

The incident has been reported to the ministry and National Cyber Directorate and is being handled by the best experts in the field, according to the hospital. The ministry has updated other hospitals about the incident as a preventive measure.

The attack was perpetrated by a new group of hackers that is also responsible for an attack on a hospital in the US, The Jerusalem Post's sister publication Maariv reported.

Health Ministry Director-General Prof. Nachman Ash asked hospitals and HMOs to practice maximum alertness amid concerns that there could be further attacks on additional hospitals or clinics, according to N12. Ash also asked that hospitals and HMOs ensure that they have backups that can be used to ensure the continuity of treatment if further attacks take place.

The Hillel Yaffe hospital in Hadera. (credit: Wikimedia Commons)
The Hillel Yaffe hospital in Hadera. (credit: Wikimedia Commons)

Amit Spitzer, chief information security officer at Cato Networks, stated that the incident “raises questions about the fate of the personal medical information of many patients at the hospital.”

Spitzer stressed that in similar cases, the ransom payment didn’t help, and the information was eventually leaked or deleted permanently.

“The prevailing assumption is that the attack was carried out by a hostile party who wants to harm, and the ransom demand is here only ostensibly,” said Spitzer.

“Ransomware attacks are no longer a localized problem of one organization or another, but a global scourge that indiscriminately hits critical infrastructure, medical institutes and many businesses around the world,” said Yossi Rachman, director of security research at Cybereason, in response to the attack.

“When it comes to a targeted attack on hospitals, attackers know to expect a quick response from the attacked organization, due to delays in performing critical medical processes as well as the fear of leaking sensitive medical information about patients,” he said.

Cybereason recommends that every organization adhere to well-proven information security practices, including ensuring software is kept updated, and having clear security procedures and tools for rapid protection and response to information security incidents.

The company recommends not cooperating with the attacks and refraining from paying ransom payments.

The attack is the latest in a long series of cyberattacks on Israel in recent years.

Last week, Cybereason revealed that MalKamak, an Iranian state-supported hacker group, was running a highly targeted cyber-espionage operation against global aerospace and telecommunications companies, stealing sensitive information from targets around Israel and the Middle East, as well as in the United States, Russia and Europe. The threat posed by MalKamak is still active.

Last month, a hacker group called Deus leaked data it claims it obtained, in a cyberattack on the Israeli call center service company Voicenter, from the company’s customers, including 10bis, CMTrading, Mobileye, eToro, Gett and My Heritage. The data leaked so far include security camera and webcam footage, ID cards, photos, WhatsApp messages and emails, as well as recordings of phone calls.

A series of cyberattacks has plagued Israeli businesses and institutions in the past two years, including Israel Aerospace Industries, the Shirbit insurance company and the Amital software company.

The National Cyber Directorate reported that it handled more than 11,000 inquiries on its 119 hotline in 2020, some 30% more than it handled in 2019. The directorate made about 5,000 requests to entities to handle vulnerabilities exposing them to attacks, and was in contact with about 1,400 entities concerning attempted or successful attacks.

Zev Stub contributed to this report.