{"id":308712,"date":"2025-11-25T23:33:26","date_gmt":"2025-11-25T23:33:26","guid":{"rendered":"https:\/\/www.newsbeep.com\/au\/308712\/"},"modified":"2025-11-25T23:33:26","modified_gmt":"2025-11-25T23:33:26","slug":"cyberattacks-are-surging-and-the-health-care-system-is-still-vulnerable","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/au\/308712\/","title":{"rendered":"Cyberattacks are surging and the health care system is still vulnerable"},"content":{"rendered":"

<\/p>\n

4 View gallery <\/p>\n

\"\u05d1\u05e0\u05d9\u05d9\u05df<\/a>\"\u05d1\u05e0\u05d9\u05d9\u05df<\/p>\n

The cyber attack on Hillel Yaffe hospital disabled part of the hospital\u2019s services for a period <\/p>\n

(Photo: Elad Gershgorn)<\/p>\n

In the Middle East and Africa region, Israel is first, having taken 20.4% of all recorded cyber incidents in that region. <\/p>\n

Facing the country are persistent adversaries like Iran, which directs approximately 64% of its global cyber\u2011activity at Israeli targets in order to gather intelligence, disrupt services and spread propaganda. <\/p>\n

The attacks are carried out not only via vulnerabilities and exploits, but also by using compromised credentials resulting from breaches of other entities or by classic phishing attacks (social\u2011engineering based) which succeed in gaining unauthorized access to organizations\u2019 systems.<\/p>\n

Despite the constant presence of state\u2011actors (governments constitute 17% of global targets) the main motive behind the attacks remains financial: in 80% of cases the attackers sought to steal information, and in over half of cases (52%) the motive was extortion or ransomware. <\/p>\n

Ynet spoke with Amir Preminger, CTO of the company Claroty which specializes in protecting critical infrastructure, to try to understand where we stand today vis\u2011\u00e0\u2011vis these cyber threats, and what the future holds.<\/p>\n

Claroty published data on cyber\u2011attacks. Do the numbers you published reflect the full picture, and do they include only successful attacks? <\/p>\n

\u201cIt\u2019s important to define what constitutes an attack. Our data comes mainly from publications by various attacker groups, either in formal media or on the dark web. We monitor the dark web, Telegram groups and forums in order to extract indicators of attacks that are definitely related to critical infrastructure, such as hospitals, and especially organizations under Claroty\u2019s umbrella.<\/p>\n

\u201cWe invest significant resources to ensure there are artefacts that indicate intrusion or theft of data (such as medical records or internal hospital servers). This is minimal validation, and what\u2019s published is what we were able to extract.\u201d<\/p>\n

<\/p>\n

4 View gallery <\/p>\n

\"\u05de\u05ea\u05e7\u05e4\u05ea<\/a>\"\u05de\u05ea\u05e7\u05e4\u05ea<\/p>\n

Cyber \u200b\u200battack on Shamir Assaf Harofeh Medical Center<\/p>\n

The data you published paints a particularly alarming picture for Israel. What is the significance of the fact that in the last\u202f3\u202fyears more than\u202f136 reported attacks were carried out in Israel by over\u202f20 hacker\u2011groups? And how exposed are hospitals?<\/p>\n

“These numbers require us to wake up. Of all the attacks reported in Israel in the last three years, 34 attacks, about 25%, were directly targeted at critical infrastructure. Worse, 8 out of 136 attacks, about 5%, were directly targeted at health organizations.<\/p>\n

\u201cHospital networks are organizational networks in every sense, similar to a computing network in an insurance company or a factory. The threats are only increasing. Hospitals in Israel accumulate threats from hackers and activists who want to prove they succeeded in harming them, and their exposure level is similar to any other organization. However, due to digitization, hospitals are exposed to more external resources.\u201d<\/p>\n

What trends in attack methods do you identify, and what are the weaknesses enabling most of them? <\/p>\n

\u201cIn recent years we have witnessed a significant rise in attacks demanding ransom (ransomware) and data theft. The attackers\u2019 motive combines demand for ransom with a desire to damage reputation. Beyond the motive, the weaknesses that allow most of the intrusions remain basic, sadly: weak passwords and password reuse; neglect of software updates; and use of outdated protocols and software that are not considered secure.\u201d<\/p>\n

When speaking of state\u2011based attacks, is there concern that our medical records will find their way to hostile states, and what is the difference between a ransomware attack and a state\u2011sponsored one? <\/p>\n

\u201cThe attacker\u2019s motive is the key. There is a difference between a state campaign to steal information and ransom aimed at money or notoriety. State\u2011sponsored attacks can be divided into two types \u2013 the \u201cred\u2011button\u201d (shutdown) type, which uses a covert capability to take down, say, a hospital system.<\/p>\n

\u201cThis is a one\u2011off event that is intended to create maximum impact. Cause patient harm, death or what is called maximal impact. The moment you activate it, the attacker raises awareness and may be expelled from the network. The incident at Hillel\u202fYaffe, for example, disabled part of the hospital\u2019s services for a period.<\/p>\n

\u201cThe second type of attack is for information collection. A covert presence inside networks for gathering personal information. We probably haven\u2019t heard about it because it doesn\u2019t cause service disruption. As digitization grows, even private clinics use similar systems, making personal information more accessible.\u201d<\/p>\n

<\/p>\n

4 View gallery <\/p>\n

\"\u05d1\u05d9\u05ea<\/a>\"\u05d1\u05d9\u05ea<\/p>\n

Ziv Hospital in Safed. It also experienced a systems breach<\/p>\n

(Photo: Efi Sharir)<\/p>\n

Is the current situation really \u201cacceptable,\u201d or is it worrying? <\/p>\n

\u201cIt\u2019s worrying. Things are being breached on a daily basis. We have no way of predicting attacks, and the only thing to emphasise is the need to continue investing in ongoing security. Attacks simply happen, it\u2019s a matter of probability and timing.\u201d<\/p>\n

You spoke about artificial intelligence and enabling attack capabilities. Does AI create a gap between attackers and defenders, or do we have similar defense tools? <\/p>\n

\u201cIt will always be a cat\u2011and\u2011mouse game. The capability has been given to both sides, but defense is always harder than offense. AI has significantly improved exploit\u2011time for a vulnerability, and allows an attacker, who previously did not have programming expertise or a certain platform, to acquire knowledge and use it at much larger scale and faster speed.\u201d<\/p>\n

Are there already smart agents capable of carrying out attacks autonomously? <\/p>\n

\u201cYes, there are already a number of different agents that can do so. The difference from automatic tools of the past is that AI can make reasoned decisions. Instead of a simple scanning tool, AI incorporates decision\u2011making and learning ability which shortens time and increases the amount of information upon which it bases decisions.<\/p>\n

\u201cIn the medical sector, using AI\u2011agents leads to much greater sharing of medical information, raising privacy questions. Moreover, these technologies create a new attack surface, and the problem is organizations rush to implement them without sufficiently understanding the security implication.\u201d<\/p>\n

Where is the cyber\u2011world headed in the coming years, in your estimation? <\/p>\n

\u201cIf you ask me, we are heading in several directions. The first is increasing change via AI \u2014 organizations will need to share information with external parties (such as cloud\u2011services) who have the required resources. This raises difficult privacy issues.<\/p>\n

\u201cThe second is a rise in the quantity of attacks and their complexity. The number of attacks is increasing trend\u2011wise, and the attackers are becoming more skilled. The third direction we will see the cyber\u2011world go is the need for protection beyond the \u2018four walls,’ since the traditional organizational perimeter no longer exists.<\/p>\n

\u201cWe will see more data exposure due to third\u2011party actors, and organizations will need to intervene in their partners\u2019 security state. This required reciprocity will force all entities to improve their security capabilities.\u201d<\/p>\n

<\/p>\n

4 View gallery <\/p>\n

\"\u05e8\u05d0\u05e9<\/a>\"\u05e8\u05d0\u05e9<\/p>\n

Prime Minister Benjamin Netanyahu visits the National Cyber \u200b\u200bCommand in Beersheba<\/p>\n

(Photo: Kobi Gideon\/GPO)<\/p>\n

Where do we stand in terms of government regulation in the cyber\u2011domain?<\/p>\n

\u201cGovernment involvement in protecting private entities is very limited. Although Israel has serious cyber\u2011capabilities, its ability to enforce or transfer knowledge to industry is problematic, mainly due to the Privacy Law. An ISP or the state is prevented from intervening in content reaching the private customer.<\/p>\n

\u201cThe state cannot force a private organization to defend itself. An example of change was recorded during the war, when the state issued an emergency regulation that allowed it to shut open web\u2011cams. That proved they understood the size of the problem, but this is an action that requires heavy regulation. Today, bodies in the country don\u2019t have the tools needed to act based on intelligence information about exposed vulnerabilities.\u201d<\/p>\n

Do we need more aggressive regulation, or is a surgical\u2011case\u2011by\u2011case approach preferable?<\/p>\n

\u201cIt\u2019s better to start with awareness and lots of education. In large organizations like hospitals, the government should help financially and by providing guidelines and critical support when needed. The more serious problem is the private market, where there\u2019s no organized body to work with, and it\u2019s difficult to reach the citizen at the end. We need to raise awareness, and perhaps create a requirement for a minimum set of tools via cyber\u2011insurance companies.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"4 View gallery The cyber attack on Hillel Yaffe hospital disabled part of the hospital\u2019s services for a…\n","protected":false},"author":2,"featured_media":308713,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[64,63,137,500],"class_list":{"0":"post-308712","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-healthcare","8":"tag-au","9":"tag-australia","10":"tag-health","11":"tag-healthcare"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/308712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/comments?post=308712"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/308712\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media\/308713"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media?parent=308712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/categories?post=308712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/tags?post=308712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}