Iran, Hezbollah Hackers Attacked Israeli Hospital’s Systems

Jerusalem, 18 December, 2023 (TPS) -- Israeli authorities disclosed on Monday that Iran and Hezbollah launched a cyber attack on an Israeli hospital.

According to Israel’s National Cyber Directorate, the two were responsible for a cyber attack on the Ziv Medical Center in Safed in late November. The attack sought to disrupt the hospital’s operations, but ultimately failed.

Through coordinated efforts involving the Israel National Cyber Directorate, the IDF, the Israeli Security Agency, the Health Ministry, and the hospital, the attack was thwarted before it could successfully disrupt hospital operations. Ziv is one of the hospitals treating Israelis injured in Hezbollah rocket attacks.

Patients’ medical treatment was not impacted, but the attackers managed to steal what the Cyber Directorate called “sensitive data” stored in the hospital’s systems. In a joint effort with the State Prosecutor’s office to protect patients’ privacy, channels containing sensitive data were promptly removed.

A joint investigation by the Israel National Cyber Directorate, the IDF, and the Israeli Security Agency (Shin Bet) revealed that the attack was carried out by the Iranian Ministry of Intelligence’s cyber attack group, called AGRIUS, under the leadership of a man identified as Mohammad Ali Merhi.

Since 2021, Israeli hospitals have encountered a series of cyberattacks with severe consequences. These incidents have included ransomware attacks, distributed denial-of-service (DDoS) attacks, and data breaches, all aimed at crippling the hospitals’ operations and compromising patient information.

State Comptroller Matanyahu Englman reported in May that Israel’s health care sector was vulnerable to cyberattacks. To test the preparedness of the hospitals, a team of hackers overseen by his office staged a controlled penetration of one major hospital, revealing deficiencies in the medical center’s security precautions and responses to the “hack.”

Englman’s report stressed the vulnerability of hospital equipment, such as ultrasound and MRI scanning devices, which are also integrated into hospital information networks.