Israel has recently suffered another cyber attack, this time targeting the Jerusalem Mental Health Center, and the Ministry of Health is preparing a number of information leakage protection mechanisms. Barak Gonen, a cybersecurity expert and a lecturer at the Jerusalem College of Technology, tells Israel National News about the growing trend of hackers targeting medical facilities.
The current attack, says Gonen, is a continuation of previous attacks on medical centers in Israel and around the world, and this fact causes widespread concern about the ability of the medical centers to function and the fear of the collapse of computer systems that would prevent medical treatment and also the fear that personal information of patients will be leaked and distributed.
Medical centers are, it turns out, an easy target for hackers for several reasons. "There are hacker groups attacking medical centers because they think they can get money that way, and other groups work on behalf of countries like the Iranians who want to sow a sense of chaos in the country."
An attack on a medical center is also easy to carry out, says Gonen, and recounts the last attack in which files were planted in a way that prevented the possibility of using the computerized systems. "This happens because there are hacker organizations whose goal is to extort money, and they will send a link to someone who will think the link is related to work, but behind the link, there will be malicious software that encrypts the files and the attacker is left with the choice between paying and getting the files back or losing the files."
"They attack hospitals because hospitals are entities that have a state behind them with money," says Gonen, and points out that "Many times hospitals are not sufficiently protected in terms of cyber attacks because there they will invest first in medical technology." The immediate priorities of the hospital managers cause a preference for investing in what stands in front of them as an immediate means of treating patients and not the more nebulous threat of cyber attack. "It is very humane to put the money on the patient right in front of your eyes," says Gonen and adds that for this reason bodies like the National Cyber Authority are supposed to take care of guiding the various parties on how to defend themselves and make sure that things are indeed done safely and correctly.
Gonen also points out that "in many of the medical centers, the computing is old, and the problem with these systems is that there are many loopholes. A hacker needs no more than to discover that the server behind the computers is outdated, and thus he can get in, and from that moment he can access the management capabilities of the system, delete documents, transfer or move them, and of course watch or disrupt the activity of the hospital. When this ability exists, all that remains is to decide what the goal is, to disable the target or embarrass the State of Israel. It's not that complicated and a lot of it is due to hospital computers not being updated with new software."