In a new report, Israel State Comptroller Matanyahu Englman warns that Health Ministry would not be able to protect the country's medical institutions against cyberattacks, according to an article published May 10 in the Jerusalem Post.
An audit was performed from January to November 2021 that found 13 of 17 medical institutions did not conduct risk assessments on medical equipment and did not have a plan in place for system recovery in the event of hacking.
The Post's report said that in October 2021, during the audit, hackers broke into the servers of Hillel Yaffe Medical Center in Hadera, leading to a large-scale disruption.
However, the audit also found that 13 of the 17 institutions did not perform necessary data security risk assessments on medical equipment and did not have plans in place for a hacking event. Also, 14 institutions allow device manufacturers to connect to MRI and CT devices remotely, one did not regulate how remote connections took place, and two didn't monitor remote connections at all.
On the other hand, the institutions surveyed did a better job of assessing security when purchasing new equipment. In all, 12 of the 17 institutions took data security into account when assessing the purchase of medical devices.
The article goes on to say that Englman recommended that external technicians performing maintenance work at institutions arrive only after coordinating their visit with relevant officials and that an institution employee should accompany maintenance workers at all times.