Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management
Ransomware Attack on Israeli Medical Center Raises Alarm
Government Authorities Issue Advisories Following Hospital AttackGovernment authorities in Israel are warning healthcare sector entities in the country of potential cyberattacks after a ransomware attack this week on Hillel Yaffe Medical Center in the city of Hadera.
See Also: Gartner Guide for Digital Forensics and Incident Response
In a statement Wednesday, the 506-bed, Hillel Yaffe Medical Center said it was dealing with "a totally unexpected ransomware cyberattack" that targeted the hospital’s computer systems.
The hospital said it is "using alternative systems" to care for its patients. Medical treatments are continuing as usual, aside from non-urgent elective procedures, the hospital said. "The incident was immediately reported to the Ministry of Health and Cyberpro Israel, and is in the care of the experts in the field."
Some local media sites reported that the hospital began diverting some emergency patients to other nearby facilities on Wednesday.
"Our staff are used to mass-casualty incidents, they coped with and are still coping with coronavirus, but this is an incident on a different plane, on a national level, without a medical base," Dr. Mickey Dudkiewicz, director of Hillel Yaffe Medical Center said in a status update statement posted on the hospital's website on Friday.
"We hope that some of our capabilities will be gradually restored at the beginning of next week, but changes are possible in accordance with the rate of progress of the professional staff who are involved, and subject to various constraints.”
Hillel Yaffe Medical Center did not immediately respond to Information Security Media Group's request for additional details about the incident.
Government Warnings
Meanwhile, Israel's national cyber directorate, which is responsible for promoting cybersecurity in the country, issued an advisory on Wednesday about the ransomware incident that was carried out against one of Israel's healthcare sector entities by an unnamed "attack group." The alert did not identify Hillel Yaffe Medical Center as the attacked entity.
"The cyber directorate sees fit to share identifiers that have emerged so far as part of the investigation, in order to enable organizations in the economy to identify and prevent a similar attack that may be carried out against them," the alert says.
The cyber directorate adds that it recommends organizations "check whether these IDs have been viewed on relevant systems over the past month, and it is highly recommended to perform an active scan to locate these IDs directly or by entering them into anti-virus and endpoint detection and response systems."
Additionally, organizations should "as soon as possible" ensure that email servers and corporate VPNs are updated to the latest version of software.
Separately, Israel's Health Ministry sent a letter to hospitals around the country this week, urging them to print out patients’ medical files amid the fear of more cyberattacks, and electronic health records systems potentially being affected, according to Times of Israel news site.
Global Threats
Some Israeli officials noted that the Hillel Yaffe Medical Center ransomware incident was the first such known attack on an Israeli healthcare sector entity, according to media site SecurityWeek.
But some experts warn that any and all healthcare sector entities across the globe are at risk for similar ransomware and related cyber assaults.
"While the U.S. healthcare sector is most heavily targeted by far, hospitals everywhere should be on alert," says threat analyst Brett Callow of security firm Emsisoft.
"And that may be especially true at this point in time," he adds. "The anti-ransomware efforts being made by the U.S. and its 29 allies could, perhaps, convince threat actors to up their activity levels in countries from which retaliation may be less likely."
The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations – but with Russia and China both noticeably absent.
The gathering aimed to improve global network resilience, address illicit cryptocurrency use, and elevate both law enforcement collaboration and diplomatic efforts (see: U.S. Convenes Global Ransomware Summit Without Russia).
U.S. Attacks
Healthcare sector entities in the U.S. have been facing a surge in disruptive ransomware attacks over the past couple of years, and especially during the pandemic.<.p>
For instance, a May ransomware attack disrupted San Diego, California-based Scripps Health's IT systems and patient care for nearly a month, costing the organization at least $113 million, including $91.6 million in lost revenue.
Scripps Health also faces several proposed class action lawsuits related to the incident, filed by patients alleging, among other claims, that their care was delayed due to the disruption.