The recent cyber attack on Mayanei Hayeshua Medical Center in Bnei Brak, Israel, has taken a new turn as the hackers responsible for the breach have started leaking the sensitive data they collected during the attack. The attackers, known as the Ragnar Locker gang, targeted the hospital in early August and have now begun releasing the information they stole.
In a series of posts on X (formerly known as Twitter), the group claimed that they intentionally avoided encrypting the data to prevent any equipment malfunctions or disruption of important medical instruments. However, despite not encrypting the data, they were still able to extract 1TB of information. This included a full SQL database and a significant number of .pst files containing internal correspondence.
The initial batch of leaked files from the hospital contains a vast amount of personal information, internal emails, financial data, medical cards, and other highly sensitive information. This data breach has raised concerns about the privacy and security of the patients and staff at Mayanei Hayeshua Medical Center.
It was reported in August that the cyber attack caused severe damage to the hospital’s computer systems, resulting in the disabling of its record-keeping capabilities. As a result, the hospital was unable to accept new patients at its outpatient clinics and imaging centers. This incident highlights the severe disruption and potential harm that cyber attacks can cause to critical healthcare infrastructure.
The attackers have claimed that they were able to download the data due to the existence of “serious vulnerabilities” in the hospital’s network. They further stated that they had attempted to alert the hospital about these vulnerabilities but received no response. This raises questions regarding the preparedness and cybersecurity measures in place at the medical center.
Unfortunately, Mayanei Hayeshua Medical Center is not the only healthcare facility to fall victim to cyber attacks. Numerous medical institutions worldwide have faced similar security breaches, with ransomware attacks becoming increasingly prevalent. In 2021 alone, St. Margaret’s Health in Illinois and Hillel Yaffe Medical Center in Israel were both targeted by ransomware attacks.
In response to the rising number of attacks on the healthcare sector, the US Department of Health and Human Services issued an alert last month regarding the Rhysida ransomware. This highlights the urgent need for increased cybersecurity measures and stronger defense systems to protect crucial medical infrastructure from malicious actors.
The leak of sensitive data from the Mayanei Hayeshua Medical Center serves as a reminder of the ongoing threats faced by healthcare organizations worldwide. It underscores the importance of implementing robust security measures, conducting regular vulnerability assessments, and ensuring prompt response and remediation procedures in the event of a cyber attack.
As the investigation into the breach continues, the focus now shifts to mitigating the potential harm caused by the leaked data and strengthening the cybersecurity practices at the medical center. The protection of patient privacy and the security of sensitive information must remain a top priority for healthcare institutions in the face of escalating cyber threats.