A successful cyber attack on a hospital in Israel was a matter of time. Why? And how can the phenomenon be addressed?
Cyber attacks on hospitals and medical institutions, including ransomware attacks, in which the attacker encrypts files on servers and demands a ransom in exchange for their release, are a rising trend of recent years, and even more so since the outbreak of the coronavirus crisis. According to a study by Check Point from January 2021, the number of ransomware attacks on healthcare organizations worldwide increased by about 45% in the last months of 2020. Since the beginning of 2021, hospitals, clinics, health insurance companies and nursing homes in France, Australia and the US have been attacked, and national health services in Ireland and New Zealand have been forced to shut down systems to prevent further damage as a result of cyber attacks.
To date, most ransomware attacks on hospitals have led to the shutdown and slowdown of their information systems, difficulties in registering and admitting new patients, and the postponement of non-urgent surgeries and treatments. However, these attacks can also lead to deaths. In September 2020, a woman who experienced a heart attack died after she had to be taken to a more distant hospital, because the University Hospital in the city of Düsseldorf in Germany had suffered a ransomware attack and was forced to refer patients to other hospitals. Another danger is the leakage of sensitive medical information belonging to patients.
These attacks are most often attributed to financially motivated offenders, who exploit the vital need for hospitals to keep operating and the urgency with which hospital staff want their systems back to full routine in order to demand high ransom amounts. The outbreak of the coronavirus pandemic has made the healthcare sector even more vital, making hospitals an even more attractive target for malicious actors.
However, in the case of cyber attacks against Israeli targets, it is sometimes difficult to rule out state involvement. Examples include the Pay2Key ransomware campaign, which targeted a number of Israeli companies at the end of 2020 and was linked to Iranian hacker groups, and the ransomware attack on the insurance company Shirbit. In both cases it was determined that the purpose of the attack was to cause damage, embarrassment and media and public outcry. Also, cyber attacks attributed to Iran in the past included the use of malicious code known as a wiper, which aims to erase information and cause destruction, all under the guise of a ransomware attack attributed to criminals.
Ransomware attacks on critical infrastructures, such as hospitals, have become a global problem in recent years, and many countries, including the United States and the United Kingdom, are working through a number of channels to minimize the phenomenon and hurt the attackers' profitability. These channels include discussing whether attacked organizations should be banned from paying the ransom, tracking and blocking payments in the digital currencies in which the ransom is paid, and even using military cyber capabilities to disrupt hackers’ activities ahead of time, relying on prior intelligence.
Given Israel’s advanced cyber capabilities, an offensive military solution aimed at disabling hackers’ infrastructure, as a precautionary measure or in response, may sound tempting. However, the effectiveness of cyber attacks against criminals is questionable, and in the past they have led to only a temporary disruption of their activities. In addition, attributing an attack to a particular attacker is a complex challenge, and given the limited results, the cost is higher than the benefit.
The National Cyber Network works to publish guidelines and recommendations for critical organizations, companies and infrastructures. Medical institutions must formulate a clear cyber security policy that sets out timelines for periodic software updates, including for the solutions used for remote connection to the corporate network; implement multi-factor user authentication; and segment their internal networks to prevent potential attackers from moving across the corporate network.
The author is a senior researcher and head of the cyber project of the Yuval Ne’eman Workshop for Science, Technology and Security at Tel Aviv University.