Iran-linked hackers claim to leak troves of documents from Israeli hospital
A hacker group allegedly linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers.
In a cyberattack on Ziv Medical Center in the city of Safed, near the border with Syria and Lebanon, the hackers claimed to have accessed 500GB of data dating back to 2022. This includes 700,000 documents allegedly containing patients’ personal and medical information, such as types of diseases and prescribed drugs.
The group responsible for the attack, which goes by Malek Team, began releasing documents — including those they say contain data from the Israel Defense Forces (IDF) — on their Telegram channel over the weekend.
The hackers didn't specify when they attacked the hospital, but the Israeli National Cyber Directorate issued a warning about an incident impacting the computer systems of Ziv Medical Center last week.
According to the statement, “the incident has been identified and contained without disrupting or affecting various systems and the operation of the medical center.” As a precautionary measure, the hospital temporarily disconnected its email server and some of the computer systems.
The security team has started an investigation to determine whether an information leak occurred but has not yet published any results. The agency did not immediately respond to a request for comment.
According to Israel’s newspaper The Jerusalem Post, this is the third time Ziv Medical Center has fallen victim to a cyberattack in four months. According to local media reports, the hospital and the Israeli privacy protection authority acknowledged indications of leaked information from Ziv’s systems.
Israeli authorities have prohibited the use, transfer, or distribution of any leaked information and said that they are seeking charges against individuals involved in the incident.
Malek Team also claimed responsibility for cyberattacks on other targets in Israel, including Ono Academic College (which was also targeted earlier in October), along with Israeli tech and media companies.
The hackers released abundant evidence of data that was purportedly leaked, including videos of university classes and admission interviews with students, as well as scans of passports and documents belonging to their victims. The authenticity of this data has not been independently confirmed.
Cyberattacks have intensified amid the war between Israel and Palestinian militant group Hamas. Hackers, suspected to be tied to Iran, have targeted Israeli organizations before. In October, researchers detected a cyberattack on at least two Israeli entities by a long-running group connected to the Iranian government called MuddyWater. In November, Iran-linked hackers attacked Israeli education and tech organizations.
According to a senior National Security Agency official, Tehran has been Hamas’ longtime benefactor and U.S. national security leaders have sounded the alarm that Iran could bring its own formidable digital might to the conflict.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.