A day after falling victim to the biggest cyberattack in history on the Israeli health system, Hillel Yaffe Medical Center still has no idea how much damage was caused and does not know when they will be able to return to normal operations, according to a senior official.
Dr. Amnon Ben Moshe, administrative director of the Hadera institution, said that staff still have no access to the main systems used for viewing and updating hospital medical records, and for administration.
On Wednesday, the hospital was hit by a still-unresolved ransomware attack, forcing it to shut down its technology network and causing delays in care.
“We’re in a similar situation to yesterday, when we identified the situation and saw the cyberattacks,” he told The Times of Israel.
Questioned on the current situation, Ben Moshe said: “We don’t know the extent of the damage.” Regarding the timescale for getting back to normal, he said: “We have no idea. We just worked all night.”
Cybersecurity experts say the process could be a very long one.
Ido Geffen, a vice president at CyberMDX, an Israeli startup that offers cybersecurity solutions for medical devices and clinical assets, told The Times of Israel that the full recovery of data could take months.
Einat Meyron, a cybersecurity consultant and cyber resilience expert, said: “There is a long road ahead to recovery. We’ve seen similar events in the US, Belgium, and Portugal for example where hospitals were attacked, and they needed about three to six months just to get to a point where they could start working [normally] again.”
Channel 12 reported Thursday that the attackers left an email address on the servers that were attacked. An outside company acting on behalf of the hospital made contact with the hackers, who demanded $10 million dollars in ransom.
The report noted that as a government hospital they were barred from paying ransoms.
At Hillel Yaffe, some non-urgent procedures have been canceled, but most of the hospital’s work is continuing, using alternative IT systems, some of which have been installed specially. The ability of doctors to access nationally-held patient records which include their medical background (as opposed to internal hospital records) hasn’t been interrupted. This is because Hillel Yaffe recently introduced hand-held devices that provide this access.
Hospital management praised its staff for facing the new challenges well, in a statement on Thursday. “Along with the efforts of cyber and computing experts to rehabilitate the computer systems and investigate the incident, the medical work continues and our teams provide a very good response in the face of the existing challenges.”
Cybersecurity experts say that the attack, while serious, could have been worse. “In this attack, we know it came from the internet, meaning an attacker gained access to a password and then was able to get into the network,” said Geffen. “The good thing is, no medical devices or critical equipment were affected, as far as we know. In similar attacks in the US and Europe, critical devices that patients were connected to were indeed affected and that is a much worse situation.”
He added: ”Right now, the hospital is likely in the containment phase, making sure the attack doesn’t spread and trying to ensure all critical operations are still working. Then comes the investigation and recovery phase to determine what exactly happened and try to recover data.”
This is a long process if the hospital is to be sure that no “backdoors,” namely malware by which unauthorized users can get around security measures and regain access, are left in place.
“This can take months because it’s a careful operation to make sure the hackers didn’t leave any backdoors,” Geffen said.