Health ministry cybersecurity chief Reuven Eliyahu said Monday morning that the massive ransomware attack on Hillel Yaffe Hospital in Hadera last week was likely carried out by Chinese hackers whose motives were “purely financial”.
“This is likely a Chinese hacking group that broke up with another group and started work in August,” Eliyahu said in an interview on Army Radio. “The motive for the attack was purely financial.”
A ransomware attack consists of breaking into a company’s networks to encrypt its data and then demanding a ransom, usually paid via cryptocurrency, to unlock it. As a state hospital, Hillel Yaffe was not allowed to pay a ransom, according to Channel 12 news.
“We are investigating the incident and are continuing to invest resources to prevent such cases from happening again,” said Eliyahu.
With the Ministry of Health still working to restore Hillel Yaffe’s systems, Eliyahu said the findings from the cyber attack would soon be shared with other Israeli hospitals, but that the fight against hackers is far from over.
“In the cyber world, combat is like a marathon; it’s an ongoing war. This is the third world war. It is a huge battlefield of billions of warriors, ”he said, adding that“ the health sector in Israel is attacked ten thousand times a month ”.
Public broadcaster Kan reported Sunday that it could take “days or weeks” to restore the hospital’s systems, while the National Cyber Directorate and Ministry of Health said in a joint statement that they were still working on upgrading Hillel Yaffe’s systems ” gradually and safely restore “as soon as possible.”
Some non-urgent procedures were abandoned as a result of the attack, but most of the hospital’s work continues with alternative IT systems and pen and paper.
The joint statement on Sunday said the ministry and management thwarted a wave of attempted cyberattacks against Israeli hospitals and health centers over the weekend.
“Early assessments and a quick reaction from the management and the staff on site stopped the tests and no damage was caused,” said the joint statement.
The directorate said nine hospitals and health facilities had been targeted. It was not immediately clear what type of cyberattacks were attempted or who was behind them.
Last week the National Cyber Directorate issued a general warning to Israeli companies to be alert to potential cyberattacks as the country faced a surge in hacking attempts.
Data released on Thursday suggests Israel has been the hardest hit country by ransomware as of 2020.
Last week, Microsoft said it had identified a group of Iranian hackers who are using the tech giant’s products to target Israeli and American defense technology companies and maritime shipping companies in the Middle East.
Separately, Google warned of a surge in government-sponsored hackers, in a report that focused on the “notable campaigns” by a group affiliated with the Iranian Revolutionary Guard Corps.
Numerous suspected Iranian cyberattacks have been reported on Israel in recent years, including one that targeted its water infrastructure in 2020. Israel and Iran were embroiled in a year-long shadow war with Israel allegedly leading most of its efforts – including several alleged cyberattacks – to sabotage the Islamic Republic’s nuclear program.
However, Kan reported on Sunday that investigators believe the attacks on the hospital were criminal and not security related, an assessment that Eliyahu from the Ministry of Health made explicit on Monday.
In July, cybersecurity firm Check Point reported that Israeli facilities are being attacked by about twice as many cyberattacks as the average in other countries around the world, particularly in the country’s health sector, which averages 1,443 attacks per week.
The sectors hit hardest around the world, including Israel, are education and research, followed by government and security organizations, and then health facilities, Check Point said. The report found that, on average, every 60th Israeli organization or company is affected by ransomware attacks every week, a 30% increase from the rate in 2020.
Agencies contributed to this report.