Cyber Incident Victim: Mayanei Hayeshua Medical Center
Date: Aug 2023
Location: Israel
Summary
Mayanei Hayeshua Medical Center suffered a cyberattack that disabled its computer systems for record keeping. The incident disrupted outpatient clinics and imaging services, and new patients were urged to seek care elsewhere. While medical equipment remained operational, the hospital's cyberdefense vulnerabilities were highlighted, reflecting broader security shortcomings within the health sector. The attackers responsible for the breach were not identified.
Description
On or around August 6, 2023, Mayanei Hayeshua Medical Center (MHMC) in Bnei Brak, Israel, fell victim to a significant cyberattack. The incident was publicly announced the following morning by the Health Ministry and the Israel National Cyber Directorate (INCD). The attack successfully disabled the hospital's computer systems responsible for record keeping, severely disrupting its administrative and patient intake operations. Despite the compromise of its digital infrastructure, the hack did not impact the operations of actual medical gear, allowing for the continuation of some critical clinical functions. In response to the disruption, the hospital was forced to cease accepting new patients into its outpatient clinics and imaging centers. Furthermore, even patients requiring emergency room services were being urged to seek care at other nearby medical facilities to ensure their needs could be met without delay. This measure was taken to prevent overwhelming the hospital's compromised systems and to guarantee patient safety. However, the medical center confirmed that patients who were already admitted and receiving care within the hospital continued to be attended to by staff and were not being transferred to other institutions, indicating that core inpatient care protocols remained functional.

The full impact of the incident on the hospital's long-term operations and financial standing was not clear in the immediate aftermath. By Tuesday afternoon, the medical center provided an update specifying that its center for receiving pregnant women was still operating normally. This included the continued functionality of instruments used for monitoring the progress of pregnancies, suggesting that certain specialized departments were either isolated from the attack or relied on systems that remained uncompromised. The identity of the cyberattackers behind the intrusion was not known at the time of the reporting. Sources indicated that the INCD, which had a response team actively working on the incident at Mayanei Hayeshua, had not yet identified the perpetrators. This lack of attribution stands in contrast to a previous major cyberattack on an Israeli hospital, which targeted Hillel Yaffe Medical Center in Hadera in October 2021. Initially, suspicions in that earlier incident had centered around Iran, particularly because an Iran-affiliated group known as Black Shadow had carried out other major hacks against Israel during that period. However, it was eventually concluded that the hackers who attacked Hillel Yaffe were actually affiliated with the criminal sector in China, highlighting the complex and often misleading nature of cyber attribution.
The Hillel Yaffe incident served as a stark precedent and warning for the Israeli healthcare sector. It was later determined that the INCD had previously warned that particular medical center of specific cyberdefense shortcomings, and the hospital had reportedly slowed its efforts to address these known vulnerabilities. This delay ultimately contributed to severe consequences, leading to estimated losses of 36 million NIS and a recovery process that took over a month to fully restore systems. Cyber officials noted that if the medical center had acted more promptly on the warnings, it might have avoided the hack altogether, as several other medical centers that were attacked around the same time had managed to do. Alternatively, had its defenses been more robust, its systems could potentially have been restored within days instead of the prolonged period it actually required. This historical context raised questions about the preparedness of Mayanei Hayeshua Medical Center, and it was unclear whether the INCD’s response team would be able to restore its systems more quickly or how well-defended the medical center had been prior to the attack.
This incident underscored a broader, systemic vulnerability within the Israeli healthcare infrastructure and, indeed, the global medical sector. A report issued in May by State Comptroller Matanyahu Englman warned that Israeli hospitals had been “significantly hacked” on 13 occasions, with 10 of these incidents being classified as “of the most severe level.” The report detailed critical deficiencies across the health sector, including a lack of sufficient segmentation between different networked services, an absence of ongoing cybersecurity inspections, and insufficient probes into the various ways medical devices and facilities access the internet. It also cited a failure to implement broad structural defenses and to consistently update security for content. The report highlighted the wide variety of medical machinery that is becoming increasingly networked, from MRI and CT scan devices to ultrasound machines, thereby expanding the potential attack surface for malicious actors. The cost of fixing these deficiencies was estimated at more than 10 million NIS per year, on an ongoing basis, for a single facility, identified only as “A” in the report, indicating the substantial investment required to achieve a secure posture.
The comptroller's report emphasized that it was not only critical for medical centers to have initial cybersecurity defenses in place but also to possess the capability to mitigate losses even after a hacker succeeds at penetrating one or more systems. This strategy of containment is essential to prevent the spread of an intrusion into other critical systems. Furthermore, the report recommended that the Health Ministry take a more active and assertive role in enforcing higher cybersecurity standards among the different medical centers throughout the country. The vulnerability is not confined to large, centralized hospitals; many local authorities in Israel, particularly those outside of major cities like Tel Aviv, are known to be poorly defended against cyber threats. Despite years in which medical centers across the globe have become prime targets for hackers, many hospitals, especially smaller ones, continue to lag behind in cyberdefense due to a combination of factors including a lack of understanding of the threat landscape, insufficient funding, or both.
The attack on Mayanei Hayeshua also brought attention to emerging threats beyond conventional cyber tactics. Former IDF Unit 8200 Colonel (res.) and Team8 Chief Ideation Officer Bobby Gilburd warned that the incident could be another sign of the failures of Israel and other nations to adequately prepare for artificial intelligence-based cyberattacks. He noted that even criminal sectors, not to mention unfriendly nation-states, can leverage AI to generate incredibly realistic and truthful-sounding text and invoice messages. These sophisticated messages are designed to target employees and trick them into clicking on malicious links that can then break through an institution’s cybersecurity defenses. This technique, a form of social engineering enhanced by AI, presents a formidable challenge. Gilburd stated that medical institutions and other critical infrastructure entities need to significantly improve their capabilities both in terms of deploying cyberdefenses that can cope with high-speed AI-driven attacks and in training their employees to anticipate and identify deepfake AI booby-trapped inquiries.
Israel is not isolated in facing these challenges within its medical sector. In a demonstration of the global scale of the problem, on August 4, 2023, just days before the attack on Mayanei Hayeshua, it was announced that 16 hospitals and more than a hundred other medical facilities across the United States were forced offline. This event was described as the largest medical sector cyberattack of 2023 in the US. The target was Prospect Medical Holdings, a company that owns hospitals and over 165 outpatient facilities across California, Connecticut, Pennsylvania, and Rhode Island. The nearly simultaneous timing of these major incidents on different continents highlights a coordinated or coincidental wave of attacks targeting healthcare providers, a sector that is often perceived as vulnerable and where disruptions can have immediate and life-threatening consequences. The attack on Mayanei Hayeshua Medical Center thus represents a single event within a much larger and increasingly alarming pattern of cyber aggression directed at essential health services worldwide.
