Cyberattack on Shamir-Assaf Harofeh Hospital Thwarted But Data Leak Feared

A serious cyberattack attempt targeting Shamir-Assaf Harofeh Hospital was detected and thwarted during Yom Kippur, the Ministry of Health, hospital management, and the National Cyber Directorate confirmed on Thursday.

Authorities said the hospital’s ongoing operations continued as usual, but acknowledged that sensitive data may have been leaked during the incident.

Attack Linked to Global Ransomware Group “Qilin”

Officials said the attack originated from Qilin, a notorious cybercrime group formerly known as Agenda. The group, based in Eastern Europe, is considered one of the most significant ransomware operations in the world, known for advanced capabilities, global partnerships, and sophisticated extortion methods.

Despite official assurances that the attack was stopped, the hackers have already published a dedicated webpage claiming responsibility. On it, they announced they had extracted around 8 terabytes of confidential hospital data, including:

• Patient medical records

• Internal communications

• Operational files

The group issued a ransom demand, threatening to release the information if payment is not made.

Hospital Denies Receiving Ransom Demand

Shamir-Assaf Harofeh Hospital stated that no ransom demand has been officially received and emphasized that its systems were not encrypted — a typical ransomware tactic.

The National Cyber Directorate reiterated that the functioning of the hospital was not compromised, adding that cybersecurity teams continue to monitor systems and verify data integrity.

Reports of Patient Data Already Leaked

Despite official denials, patients reported that their personal information is circulating online. Several told Walla! that they were “shocked” to discover their details had been exposed.

Leaked files now circulating on Telegram and other platforms allegedly include:

• ID numbers

• Residential addresses

• Medical diagnoses

• Departments where patients were treated

One patient said:

“It’s unpleasant, we are shocked. We didn’t know about this. We hope they will take care of it soon.”

Authorities Warn of Further Leaks

Cybersecurity officials warn that the initial publication of internal documents could be the first step in a broader extortion campaign, with further sensitive data potentially released if the attackers’ demands are not met.

For now, both the hospital and the Ministry of Health stress that medical services remain uninterrupted, even as digital forensic teams work around the clock to contain the breach.