All of the Magen David Adom websites have been down for the better part of a week due to a series of hacks that were revealed by the Israeli website known as The Marker. The hackers were able to break into Magen David Adom websites and expose information about patients that included sensitive medical information, financial information, and private information about the staff and volunteers who comprise the organization.
Hackers were even able to crash numerous servers that controlled vital information to the operation of the emergency medical services and ambulance organization that included disrupting communications between the dispatch center and ambulances.
The hack was revealed by a “White Hat”, or ethical computer hacker, who notified MDA and the Ministry for Internet Security about the hacks. Immediately upon learning of these hacks, MDA shut down all of their websites in Israel. The sites have been down since Sunday and were still down at the time of the writing of this article on Tuesday night.
A White Hat hacker, Elial Housy, is a professional computer programmer and wrks on helpful hacks to test the internet security of different organizations. Approximately one month ago, he noticed the first breakdown in internet security on MDA’s website.
“It was the first hack that I saw where information was leaked,” said Housy. “By changing a series of settings on a search engine, one could gain access to patient information. It was possible to get a person’s name, address, phone number, their I.D. number, and access to how much the patient owed MDA and for what. Slowly thereafter, I gained access to medical documents and information about the patients and everything that was told to the paramedic in the ambulance. For example, a person ill with the H.I.V. virus was easily accessible.”
Housy was also able to access credit card information of the patients. He was able to manipulate the system so that he could outstanding bills for patients for only 1 shekel. “The hack was incredibly easy, and anyone who knows a bit about how a website works ould gain access to all of this information in just a few minutes,” Housy added.
Housy located the largest problem on the payment site. He debated taking the story to the news, however, he decided instead to let MDA know, and upon learning of the problem, the organization shut down their sites in order to deal with the problem and prevent any future hacks. He found the database with all of the staff and volunteers’ information, including their addresses and telephone numbers. Then he was able to take control of some of the servers which allowed him to download their entire database. “Via the technique known as Remote Shell, I was able to bring down the control and override systems for the organization and harm their communication systems that are used to communicate with the ambulances.”
Magen David Adom responded and told The Marker that: “All of Magen David Adom’s information systems are guarded with the highest levels, and most advanced technological security systems that are on t he market. Even with all of that, occasionally hacks do occur, especially as the level of hacking capability rises. Therefore, once it was made known to us that the hack had taken place, we undertook all necessary measures and precautions. It is important to point out that at no point was there any danger to the operational servers of the organization.”
(YWN Israel Desk – Jerusalem)