Concerns of Sensitive Data Leak Following Cyber Attack on Israeli Hospital

“Our world relies on the sharing of personal information. Cyber attackers seek this information because they can demand a ransom or sell it in a way that allows them to profit from this data,” said Israel’s Privacy Protection Authority Commissioner

Mandi Kogosowski |

The Mayanei HaYeshua Medical Center. Photo credit: Dr. Avishai Teicher via the PikiWiki - Israel free image collection project / Wikimedia Commons

More than a week after the cyber attack on the Israeli hospital Mayanei HaYeshua, its repercussions are still felt, with new information released.

Following an initial investigation, the Privacy Protection Authority’s concluded that hat besides file encryption and computer system shutdown, there is a real indication that during the event, the attackers successfully obtained personal information about patients.

The attack is attributed to the 'Ragnar Locker' group from Eastern Europe. It is known that this group employs a double-extortion method, encrypting information and also stealing sensitive information from the targeted organization's network.

The leaked information may contain extremely sensitive data such as identity details and login passwords, usernames and contact details, medical information, credit card details, and more.

In light of the potential publication of sensitive personal information of patients, the Privacy Protection Authority (a Ministry of Justice division) released a clarification to the public yesterday (Tuesday), stating that it is prohibited to use the personal medical information of patients, including copying, distributing, publishing, processing or storing it. The prohibition includes using the information for the purpose of training AI systems.

Violation of these prohibitions may constitute a criminal offense, and the authority emphasizes that it will consider exercising its legal and administrative powers against those who act contrary to the aforementioned.

"In an attack of this nature against a hospital, the immediate concern is that sensitive personal information of patients may leak out and be misused for various illicit activities,” said Advocate Gilad Semama, Commissioner of the Privacy Protection Authority.

“Our world relies on the sharing of personal information. Cyber attackers seek this information because they can demand a ransom or sell it in a way that allows them to profit from this data.

“Therefore, we caution the public to be vigilant and not to act hastily if they receive any kind of email or phone communication, especially if they identify that medical information originating from the hospital is presented, but they do not recognize the entity making contact or pressuring the recipient to take a certain action on the internet at large.

“We are in the midst of the initial examination regarding the incident itself, and then we will proceed with a much deeper investigation to determine whether the organization, meaning the hospital, complied with information security regulations."

img
Rare-earth elements between the United States of America and the People's Republic of China
The Eastern seas after Afghanistan: the UK and Australia come to the rescue of the United States in a clumsy way
The failure of the great games in Afghanistan from the 19th century to the present day
Russia, Turkey and United Arab Emirates. The intelligence services organize and investigate
ad