Israeli hospital's IT system still down weeks after cyber-attack

Health Ministry is working on new regulations to protect the hospitals as its technology unit thwarts around 100,000 threats a month, official tells Knesset Health Committee.

Projection of cyber code on hooded man (llustrative) (photo credit: REUTERS/KACPER PEMPEL/ILLUSTRATION TPX IMAGES OF THE DAY)
Projection of cyber code on hooded man (llustrative)
(photo credit: REUTERS/KACPER PEMPEL/ILLUSTRATION TPX IMAGES OF THE DAY)

A month after a group of hackers targeted the Hillel Yaffe Medical Center in Hadera, its IT infrastructure still needs to be restored, the hospital’s director said Monday before the Knesset Health Committee, while a cybersecurity official said that the event could have likely been prevented if hospitals in Israel were considered critical infrastructures, therefore requiring a higher level of protection.

The committee convened to discuss the current state of the country’s health system vis-à-vis the risk of cyberattacks.

“We hope that this week we will be able to reboot our system,” Hillel Yaffe’s Dr. Mickey Dudkiewicz said, adding that it might still take weeks to complete the process, with other hospitals facing similar situations sometimes even needing months.

Asked about the cost of the operation, the physician said it was in the order of millions of shekels.

The successful ransomware attack against the medical center at the beginning of last month rang alarm bells among Israeli health authorities and organizations regarding their exposure to cyber threats.

Nurses check the charts of two coronavirus disease (COVID-19) patients inside the intensive care unit of Humber River Hospital in Toronto, Ontario, Canada April 15, 2021. (credit: REUTERS/CARLOS OSORIO)Nurses check the charts of two coronavirus disease (COVID-19) patients inside the intensive care unit of Humber River Hospital in Toronto, Ontario, Canada April 15, 2021. (credit: REUTERS/CARLOS OSORIO)

Israeli public and private organizations are a preferred target for attacks carried out by both ideologically-motivated and financially-motivated hackers – as was the case with Hillel Yaffe.

According to Erez Tidhar, director of the Monitoring & Analysis Center at the Israel National Cyber Directorate, the event could have likely been prevented. The INCD is responsible for cyberdefense in the civilian sphere, including issuing policies and offering guidance.

“Today, critical organizations such as banks and hospitals are not defined as critical state infrastructure and their cyber system is lacking,” he said before the committee. “If they were considered as such – and I say this with caution – probably a similar attack would not have occurred. We have not yet seen a massive attack on a critical infrastructure that has succeeded.”

The question of raising hospitals to the level of critical infrastructure has been debated for years, several experts noted during the meeting.

“I hope that decision-makers in the country will understand that it is impossible to give a body like ours responsibility for such organizations without proper authority,” Tidhar added.

The INCD official also revealed that there had been an alert about a possible attack against Hillel Yaffe months before the incident.

“Already in June we issued a targeted alert to a number of organizations in the State of Israel, including Hillel Yaffe,” he said. “They received an alert and instructions on how to solve the weakness.”

Dudkiewicz denied any warning.

“This has been a national event with all its implications, and its handling did not depend on the hospital’s decisions,” he noted, adding that when the attack happened, the cooperation with relevant bodies was very fruitful.

“In recent years, we have spent large amounts in the field of cyberdefense and we have passed all the tests successfully,” Dudkiewicz said. “This demonstrates that we need to change our perception and understand that even at the highest level of security, we must be aware that something like this can happen and know how to react quickly.”

Since 2016, the Health Ministry has set up a unit devoted to cybersecurity that employs around 30 full-time workers.

“In some way, we are talking about World War III,” the ministry’s chief technological officer Reuven Eliyahu said. “If once a country needed ships and missiles to attack another nation, today a simple website is enough. There are many more attackers than defenders, and the problem is intensifying.”

“We encounter over 100,000 cyberattacks against health organizations a month and thwart them,” he added.

Following the attack at Hillel Yaffe, the ministry distributed some new guidelines for health organizations to prevent attacks, and new regulations for this purpose are set to be issued by the end of December.

Eliyahu said that the new plan will require additional resources.

Israel National Cyber Directorate