Top cyber official: Hospital attack ‘purely financial,’ likely by Chinese group
Warning of ‘ongoing battle’ with hackers, Health Ministry cybersecurity chief Reuven Eliyahu says Israeli health sector is targeted ‘tens of thousands of times a month’
Health Ministry cybersecurity chief Reuven Eliyahu said Monday morning that last week’s massive ransomware attack on Hillel Yaffe Hospital in Hadera was likely carried out by Chinese hackers whose motives were “purely financial.”
“This is probably a Chinese hacker group that broke away from another group and started working in August,” Eliyahu said in an interview on Army Radio. “The motive for the attack was purely financial.”
A ransomware attack involves breaking into an entity’s networks to encrypt its data, then demanding a ransom, typically paid via cryptocurrency, to unlock it. As a government hospital, Hillel Yaffe was barred from paying any ransom, according to Channel 12 news.
“We are investigating the incident and continue to invest funds to prevent such cases from recurring,” Eliyahu said.
With the Health Ministry still working to restore Hillel Yaffe’s systems, Eliyahu said that lessons learned from the cyberattack would soon be passed on to other Israeli hospitals, but that the battle against hackers was far from over.
“In the cyber world, the struggle is like a marathon; it is an ongoing war. This is World War III. It is a huge battlefield of billions of warriors,” he said, adding that “the health sector in Israel is attacked tens of thousands of times a month.”
The Kan public broadcaster reported Sunday that it could take “days or weeks” to recover the hospital’s systems, while the National Cyber Directorate and Health Ministry said in a joint statement that they were still working to restore Hillel Yaffe’s systems “gradually and securely, as soon as possible.”
Some non-urgent procedures were canceled as a result of the attack, but most of the hospital’s work is continuing, using alternative IT systems and pen and paper.
Sunday’s joint statement said the ministry and directorate had thwarted a wave of attempted cyberattacks targeting Israeli hospitals and health centers over the weekend.
“Early assessments and a quick response from the directorate and staff on the ground halted the attempts and no damage was caused,” the joint statement said.
The directorate said nine hospitals and health institutions were targeted. It was not immediately clear what type of cyberattacks were attempted, or who may have been behind them.
Last week, the National Cyber Directorate issued a general warning to Israeli businesses to be aware of potential cyberattacks, as the country faced an uptick in hacking attempts.
Data released Thursday suggested that Israel was the country most affected by ransomware since 2020.
Last week, Microsoft said that it had identified a group of Iranian hackers using the tech giant’s products to target Israeli and American defense technology companies as well as firms running maritime shipping in the Middle East.
Separately, Google warned of a surge in state-backed hackers, with a report focusing on the “notable campaigns” of a group linked to Iran’s Revolutionary Guard Corps.
Numerous suspected Iranian cyberattacks on Israel were reported in recent years, including one that targeted its water infrastructure in 2020. Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts — including multiple suspected cyberattacks — at sabotaging the Islamic Republic’s nuclear program.
However, Kan reported Sunday that investigators believe that the hospital attacks were criminal and not security-related, an assessment made explicit by the Health Ministry’s Eliyahu on Monday.
In July, cybersecurity firm Check Point reported that Israeli institutions are targeted by about twice as many cyberattacks as the average in other countries around the world, particularly the country’s health sector, which experiences an average of 1,443 attacks a week.
The most targeted sectors around the world, including in Israel, are education and research, followed by government and security organizations, and then health institutions, Check Point said. The report found that, on average, one in every 60 Israeli organizations or firms is targeted every week with ransomware attacks, an increase of 30% over the rate in 2020.
Agencies contributed to this report.