The Hillel Yaffe Medical Center, a major Israeli hospital located on the western edge of Hadera, on Wednesday became the victim of a major ransomware cyberattack that caused disruptions across the institution and even an explicit request from the administration to the Health Ministry and EMT services to refer to them only urgent cases.
The scope of the attack is still unclear, and it’s not yet known whether patient data or sensitive hospital information have been compromised. But it can be estimated that the attackers fished out a lot of information from the hospital’s computer systems.
Health Ministry Director-General Prof. Nachman Ash sent a message to hospital administrators around Israel informing them of the ransomware cyberattack that disrupted the information systems of Hillel Yaffe. According to Prof. Ash, for fear of further attacks on medical organizations, he wants to make sure that there is an information backup that can be used to enable the continuity of medical care in case of future attacks.
“Should such an event occur in your organization, we emphasize the need for backup that’s disconnected from the hospital network, including the printing of the critical medical material, if necessary,” Ash wrote.
Ransomware is a type of malware that blocks access to data unless a ransom is paid. The attack at the Hadera hospital is likely using a technique called cryptoviral extortion that encrypts the hospital files, making them inaccessible, and demands a ransom payment to decrypt them. Ransomware attacks typically use a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, at least in one case—the WannaCry worm—the intruder traveled automatically between computers without user interaction.
According to Israeli media, the attacker has already contacted the hospital to open negotiations on ransom payment terms. It is estimated that the attack was conducted by a relatively new group of hackers that recently attacked a US hospital.
At Hillel Yaffe, meanwhile, management plans to offer all medical activities as usual on Thursday, including surgeries. However, all non-urgent treatments have been put on hold. In other words, elective surgeries are being postponed, but patients who come to the emergency room will receive full treatment.
The hospital does not yet know when the incident will end – nor is it clear to them whether patients’ details have been leaked from the system. Across the hospital, employees are walking with their pads and pens and medical instructions are being followed over the phone, line by line.
The biggest problem, according to reports, is the dispensing of meds, which normally is completely computer-controlled. Switching to manual may raise some problems in keeping the inventory from falling into the wrong hands.