Alleged Chinese Hackers attack hospitals in Israel

November 11, 2021
Tags: DeepBlueMagic, Ransomware, Chinese Hackers, Malware Detection, Israel, China

Israel’s National Cyber Directorate and Ministry of Health have announced a rise in the number of ransomware attacks they are seeing. Over this past weekend alone, ten hospitals and health institutions across Israel experienced a cyberthreat against their systems.

Fortunately, the two government bodies reported that the attempts did not damage the medical organizations. All of the threats were successfully defended against thanks to national-level coordination in Israel and the quick, efficient response of the IT teams responsible.

Before the weekend, the Ministry of Health and the National Cyber Directorate had already carried out several defensive operations in the health sector to identify open flaws and secure them. The earlier attacks on Hillel Yaffe Medical Centre are what prompted these early security measures.


However, the efforts of the two bodies appear to have been insufficient, because hackers still infiltrated some healthcare facilities over the weekend.


Chinese hackers are attributed to the attacks on Israeli hospitals. 

According to numerous reports, the attacks on Israeli hospitals were carried out by a Chinese threat group using the DeepBlueMagic ransomware variant, which first appeared in the hacking community last August.

The DeepBlueMagic strain is known for disabling the security solutions that would otherwise detect and block file-encryption attempts, which gives it a high chance of a successful attack.


What are the steps to follow that the Israeli organizations suggested? 

The directorate advises organizations to review the IOCs in the published CSV file and check whether any of them have been seen in their environment.

Run a scan of all systems and add the file hashes to the organization’s AV/EDR solutions.

Update all VPN and email servers to the latest versions to close any vulnerabilities that cybercriminals could use to reach internal networks.

If any servers are found to be out of date, upgrade them immediately and reset the passwords of all employees and users. In addition, increase and focus monitoring on unusual events inside the corporate network.

Lastly, report any unusual activity or breach to the Israeli National Cyber Directorate immediately.
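The first two steps above (review the IOC CSV, then sweep systems for the listed file hashes) are easy to automate. The following is an added example written for this article, not code from the directorate or from the original post: it assumes an IOC CSV with the columns `type,value,description` (the real file’s layout is not described here), hashes every file under a directory tree, and reports matches. The sample files and hashes are constructed for the demo and are not real DeepBlueMagic indicators.

```python
import csv
import hashlib
import io
import os
import tempfile

# Constructed sample payloads. The "flagged" one stands in for a file whose
# hash appears in an IOC feed; it is plain text, not real malware.
FLAGGED_CONTENT = b"constructed sample: stands in for a flagged binary\n"
BENIGN_CONTENT = b"constructed sample: ordinary document\n"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def load_ioc_hashes(csv_text: str) -> dict:
    """Parse an IOC CSV (assumed columns: type,value,description) and return
    {sha256_lowercase: description} for the sha256 rows only. Values are
    normalised to lowercase so feeds with uppercase hashes still match."""
    hashes = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("type", "").strip().lower() != "sha256":
            continue
        value = row.get("value", "").strip().lower()
        if len(value) == 64 and all(c in "0123456789abcdef" for c in value):
            hashes[value] = row.get("description", "").strip()
    return hashes


def sweep_directory(root: str, ioc_hashes: dict) -> list:
    """Walk root, hash every regular file and return (path, sha256, description)
    for each file whose hash is in the IOC set."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if digest in ioc_hashes:
                hits.append((path, digest, ioc_hashes[digest]))
    return hits


def build_demo() -> tuple:
    """Create a temporary tree with one benign and one flagged file, plus a
    constructed IOC CSV that lists the flagged file's hash. Returns (root, csv_text)."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    downloads = os.path.join(root, "Users", "alice", "Downloads")
    os.makedirs(downloads)
    with open(os.path.join(downloads, "update.exe"), "wb") as fh:
        fh.write(FLAGGED_CONTENT)
    with open(os.path.join(root, "Users", "alice", "notes.txt"), "wb") as fh:
        fh.write(BENIGN_CONTENT)
    csv_text = "\n".join([
        "type,value,description",
        # uppercase on purpose, to exercise the normalisation in load_ioc_hashes
        f"sha256,{sha256_bytes(FLAGGED_CONTENT).upper()},constructed sample payload",
        "sha256," + "0" * 64 + ",constructed hash with no matching file",
        "domain,example.invalid,constructed domain IOC (ignored by the hash sweep)",
    ]) + "\n"
    return root, csv_text


if __name__ == "__main__":
    demo_root, demo_csv = build_demo()
    for path, digest, desc in sweep_directory(demo_root, load_ioc_hashes(demo_csv)):
        print(f"MATCH {path} {digest} ({desc})")
```

In a real sweep you would point `sweep_directory` at the hosts’ file systems (or feed the hash set to the EDR, as the directorate recommends) and treat every match as a trigger for the later steps: isolate the host, reset credentials, and report to the National Cyber Directorate. A hash sweep only catches files that are byte-identical to known samples, so it complements rather than replaces behavioural detection.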


Endnote 

While attacks targeting medical institutions are increasing day by day, Israel’s level of security is also improving considerably. Of all the affected hospitals, Hillel Yaffe is the only one still struggling with these ransomware attacks.

At present, Hillel Yaffe staff are back to using pen and paper to admit patients and keep records. However, the responsible authorities have made it clear that the institution’s normal operations will resume shortly, once all the details that need to be confirmed have been secured.
