February Edition 2023

47 ministry of health (Sectoral Cloud Committee) in case risks are found to be high. Furthermore, when a positive decision had been made to use Cloud Computing, it requires that the health organization settle the Cloud service provider’s cybersecurity conduct and obligations, as well as provide for supervision mechanisms by the health organization, in the agreement between the parties. The recent year may therefore serve as an opportunity for advancement of the cybersecurity resilience in Israel health sector, with the combination of a major cyber incident in a hospital and its lessons, the State Comptroller’s newly report with conclusions and recommendations for the sector, and new regulatory steps taken by the Ministry of Health to delineate concrete and updated obligatory guidelines for the sector. Cyber threats in this sector are expected to keep evolving together with new technologies, and the regulatory steps will obviously have to be updated from time to time. But health organizations should seek to learn the lessons obtained and implement the regulations in force. Considerations of compliance andminimizing risks of legal exposure in the case of the health sector carry broader dimensions with respect to some other sectors, as they may involve direct implications for human lives and wellbeing.