Israeli hospitals were hit with 13 major cyberattacks in 2021, making the health care sector one of the most targeted by hackers, according to a report released on Tuesday by State Comptroller Matanyahu Englman.
The comptroller, also known as the state ombudsman, periodically releases reports auditing Israeli preparedness and the effectiveness of government policies.
Engelman’s report said ten of the cyberattacks were “of the most severe level.”
To test the preparedness of the hospitals, a team of hackers overseen by the Comptroller’s Office staged a controlled penetration of one major hospital identified as Medical Center A. The attack revealed deficiencies in the medical center’s security precautions and responses to the “hack.” According to Engelman, the shortcomings can also be applied to other medical centers.
“Ten of the findings were of high severity and three of moderate severity,” the report said.
“Following the penetration test, the management of Medical Center A corrected several deficiencies, and in particular updated the security level of certain systems. According to the management of the medical center, the total cost of correcting the defects can amount to more than 10 million shekels [or $2.7 million] per year on an ongoing basis,” the report added.
The ombudsman also cited the vulnerability of hospital equipment, such as ultrasound and MRI scanning devices, which are also integrated into hospital information networks.
The report recommended that hospital managers formulate a work plan to eradicate or minimize the risks, and that regular penetration tests be carried out.
Engelman also called on the Health Ministry to examine the findings of the penetration test on Medical Center A to develop and implement recommendations for other medical institutions.
Since 2021, Israeli hospitals have encountered a series of cyber attacks with severe consequences. These incidents have included ransomware attacks, distributed denial-of-service (DDoS) attacks, and data breaches, all aimed at crippling the hospitals’ operations and compromising patient information.
In October of that year, Israel’s National Cyber Directorate thwarted attacks on several medical institutions. But a ransomware attack on the Hillel Yaffe Medical Center in Hadera paralyzed the computer systems, patient registry and even electric doors.
Image - Flash90