The cyber ransom attack on Hillel-Yaffe hospital: Experts work on rehabilitating the systems

The cyber ransom event in Hillel-Yaffe hospital is probably the most serious cyber event in the Israeli health system to date.The teams of cyber experts continue to work on rehabilitating the systems and returning to activity quickly. So far it is known that a group of hackers is relatively new, it is responsible for the attack and it is probably also valid for a hospital in the USA. The investigation is still in progress.
At this point, both the Ministry of Health and the cyber array have issued preliminary guidelines to other medical institutions.
Prof. Nachman Ash, Director General of the Ministry of Health, wrote to the hospital directors that due to the cyber attack, "I will ask for your maximum vigilance, giving appropriate instructions to employees while refreshing behavior that reduces risks. "
The National Cyber ​​Network has released preliminary technical guidelines for the event that include updating software and changing passwords: “It is advisable to make sure as soon as possible that all corporate email servers and VPNs are upgraded to the latest versions. "If these servers are not up to date with the latest versions, it is recommended to update them as soon as possible and initiate a sweeping password change for all users of these servers, in case the attacker gained a foothold using existing credentials."
At least three cyber (IR) companies are handling the event in Hillel Yaffe: 2B Skyr (from the Matrix Group), White Hat, and OP Innovate. These are private companies that charge at least $ 150 per person per hour of work, so this event will end up costing the hospital significantly. In addition, the Israeli cyber system is involved in the event.

Apparently the point of entry into the organization was a weak or outdated VPN software from the company Pulse. This is a permanent feature of the attack group that works against Hillel Yaffe, said an investigator involved in the incident.
The incident led to the cancellation of treatments and the incitement of patients to other hospitals - and it is still far from over. Meanwhile the hospital performs emergency medicine and is run using traditional paperwork. In some hospitals this is a practice that is done in cyber exercises.

The health sector is one of the most attacked in Israel, according to data recently published by Check Point: "The most attacked sectors in Israel in 2021 are education and research (with an average of 3,204 attacks per organization per week), communications / telecommunications (with an average of 2,064 attacks on Organization per week) and the health sector (with an average of 1,443 attacks per organization per week) ".
In the past, cyber incidents have been recorded at Rambam, Assuta, Hadassah, the Valley, Ziv, Poria and other institutions.

Meanwhile, Ministry of Health officials continue to deal with the cyber attack on Hillel Yaffe Hospital in Hadera, while at the same time hospital staff take care to send reassuring messages to the public. Meanwhile, other hospitals are preparing for the possibility of similar attacks - whose effects could be devastating. "Little is known about the group that attacked, and we are at the very beginning of the intelligence gathering," said Reuven Eliyahu, director of infrastructure, information security and cyber at the Ministry of Health.
"This is a group that started working recently and had one attack on a U.S. hospital," he added. We still do not know the answer regarding the motives. We have an assumption that the background is economic, but we are only at the beginning of the road. "" The Ministry of Health's cyber center blocks attacks and monitors attacks, "he said.
The extent of the damage to the Hillel Yaffa attack is still unclear - nor are the long-term consequences of the attack. However, according to past experience from previous cyber attacks by hospitals, it takes months to recover from such an attack - and operating rooms can be disabled for a long time. For example, in the case of a similar attack in Germany, the routine return procedure takes about three months.
Hillel Yaffe Hospital intends to hold all medical activities tomorrow as usual - including surgeries. However, all non-urgent activity for today and tomorrow has been postponed. Non-urgent elective activity is also rejected, but those who come to the emergency room receive full treatment. The hospital does not yet know when the incident will end - nor is it clear to them whether patients' details have been leaked from the system. "Experts are still trying to find out," they said.
"Teams of cyber experts continue to work on rehabilitating systems and returning to activity quickly," Hillel Yaffe said. "What is known so far is that this is a relatively new group of hackers, which apparently attacked a hospital in the United States. The investigation is still ongoing. The medical activity at the hospital continues, except for non-urgent activity. "
 From the cyber array that "it is recommended to increase vigilance for exceptional events in the corporate networks. It is highly recommended to update the national cyber array on any exceptional event in the corporate network, and in particular on locating one or more of the identifiers attached to this alert."