More Attempted Cyberattacks on Israeli Healthcare Entities
Officials: Threats to Sector Rising In Wake of Recent Hospital Ransomware Attack
Israeli officials say they have fended off a wave of attempted cyberattacks on several hospitals and healthcare entities in recent days, as Hillel Yaffe Medical Center continues to recover from a ransomware attack last week that authorities reportedly suspect was carried out by Chinese hackers.
Over the weekend, the cyber center of Israel's ministry of health detected an increase in attempted attacks against a number of hospitals and medical organizations, the ministry and the country's national cyber directorate say in a joint statement issued Sunday.
"Early assessments and a quick response from the center and teams on the ground halted the attempts and no damage was done," the statement notes.
In the meantime, 506-bed Hillel Yaffe Medical Center, located in the city of Hadera, continues work on restoring its information systems operations "gradually and securely as soon as possible" following its cyberattack last week.
Local media outlet The Times of Israel on Tuesday reported that Israeli health ministry cybersecurity officials believe that the ransomware attack on Hillel Yaffe Medical Center was likely carried out by Chinese attackers whose motives were "purely financial."
As a government-owned hospital, Hillel Yaffe Medical Center is prohibited from paying a ransom to the attackers. Officials believe the attackers are part of a Chinese group using the DeepBlueMagic ransomware variant, which first surfaced in August, according to local media site Ynet.news.
Hillel Yaffe Medical Center in an updated statement Sunday said the hospital "is working around the clock to return to regular business," with help from the ministry of health and other cybersecurity experts. "At this point, there is a gradual increase in the use of alternative technological systems," the hospital says.
"We are in the middle of a complex and challenging situation," said Dr. Mickey Dudkiewicz, the medical center's director, in the statement. "We are providing urgent and vital treatments throughout the hospital - the cardiac catheterization room, the operating theater, the delivery room, imaging, etc. At the same time, we are working to expand non-urgent treatments, and some are already in operation," he added.
Local media sites last week reported that Hillel Yaffe had diverted some patients to other area facilities as it was first dealing with the ransomware incident.
In their joint statement Sunday, Israel's ministry of health and national cyber directorate said they have been "carrying out numerous activities with bodies in the health sector to further strengthen the level of protection while identifying new vulnerabilities in the area that may be used for attacks and contacting bodies to close them."
Last week, soon after the attack on Hillel Yaffe Medical Center, Israel's health ministry sent a letter to hospitals around the country, urging them to print out patients’ medical files amid the fear of more cyberattacks disrupting access to electronic health records.
Also, Israel's national cyber directorate issued an advisory for the healthcare sector with identifiers that had emerged so far as part of the investigation into the attack.
First Successful Attack?
The Hillel Yaffe cyber incident is the first known successful ransomware attack on an Israeli healthcare sector entity, says Ido Geffen, a vice president at healthcare cybersecurity firm CyberMDX.
"In the last few years in Israel, we have seen mostly nation-state attacks," says Geffen, who - like several other CyberMDX executives - has previously held cybersecurity positions within Israeli government agencies.
"The interesting thing about the Hillel Yaffe attack is that [the attackers] seem to be completely focused on money. By all indications, we're dealing with cybercriminals," he says.
Cybercriminals are focusing their attention on healthcare organizations in Israel - and elsewhere around the world - "for good reason," Geffen adds.
"There are many connected medical devices that have no network protection with legacy operating systems," he notes.
In many of these attacks, cybercriminals are taking a double-extortion approach where they steal electronic personal health information and then encrypt the data, he says.
"In this way, they are able to pressure hospitals to pay quickly because the impact is not just on the operation of the hospital but they can also harm the patients by leaking their data."
Meanwhile, the U.S. Department of Health and Human Services' Health Sector Cybersecurity Coordination Center last week issued an analysis for the third quarter of 2021 showing that the top countries impacted by ransomware incidents in the healthcare sector included the U.S., France, Brazil, Thailand, Australia, and Italy (see: Analysis: Top Ransomware Gangs Targeting Healthcare Sector).