Cyberattack On Shamir Medical Center Exposes Emails


On Yom Kippur, one of the holiest days in the Jewish calendar, Shamir Medical Center, also known as Assaf Harofeh Medical Center, was targeted in a cyberattack that exposed email communications containing sensitive patient information. While the hospital’s core medical record system remained uncompromised, the incident has reignited concerns over the increasing number of cyberattacks on hospitals across Israel.

According to a joint statement from the Israeli Health Ministry and the National Cyber Directorate issued on Friday, the cyberattack on Shamir Medical Center resulted in the unauthorized access and leak of hospital emails dated September 25. Some of the compromised emails reportedly included confidential patient data. 

However, the hospital’s central medical data platform, known as Chameleon, which houses complete patient medical records, was not breached. Authorities confirmed that the attack was intercepted before it could penetrate this core system. Hospital officials have assured the public that all clinical operations remained unaffected, and patient care continued as usual. 

Cyberattack on Shamir Medical Center and Ongoing Investigation

The cyberattack on Shamir Medical Center occurred during an attempted infiltration of the hospital’s servers on Yom Kippur, an attempt that was initially blocked. While the Health Ministry and National Cyber Directorate have managed to contain the threat, they are still investigating the possibility that some information may have been exfiltrated by hostile actors. 

Cybersecurity experts, law enforcement, and government agencies are collaborating with the hospital to assess the full scope of the breach. In the meantime, the hospital has been directed to tighten its cybersecurity protocols, limit access to sensitive systems, and remain on alert for further intrusion attempts. 

Russian Cybercrime Group Claims Responsibility

The Ynet news outlet reported that a cybercrime organization known as Qilin, a Russian-speaking group believed to operate out of Eastern Europe, is behind the cyberattack on Shamir Medical Center. According to Ynet, Qilin briefly disrupted a medical records system shared among hospitals in Israel, although critical operations at Shamir remained intact and have since returned to normal. 

In a message reportedly posted by Qilin, the group claimed to have gained full access to the hospital’s internal systems, extracting approximately 8 terabytes of data. This cache allegedly includes patient records, internal communications, and operational information. The hackers demanded a $700,000 ransom and warned that failure to comply would result in the public release of the stolen data. 

The ransom note stated: 

“We have successfully infiltrated and gained full access to your systems at Shamir Hospital, the largest medical facility in Israel… Failure to comply with our demands will result in the immediate publication of all stolen data, causing irreparable damage to your institution and compromising patient privacy.” 

Ynet also indicated that the ransom note included a direct message to Israeli Prime Minister Benjamin Netanyahu and his wife, although this portion was not visible in the screenshots released. 

Pattern of Cyberattacks on Israeli Hospitals

This cyberattack on Shamir Medical Center is not an isolated incident. In recent years, Israel’s healthcare system has been the target of multiple cyberattacks on hospitals. In one of the most disruptive cases, Hillel Yaffe Medical Center in Hadera suffered a severe ransomware attack, forcing staff to revert to manual operations and distribute patients to other facilities. 

These ongoing cyberattacks on hospitals underscore the vulnerability of critical infrastructure and the urgent need for enhanced cybersecurity measures. The Health Ministry, in cooperation with the National Cyber Directorate, has been actively working with hospitals and healthcare providers to implement stronger defenses. These efforts include stricter access controls, network segmentation, secure backups, and real-time monitoring systems. Training medical staff in basic cybersecurity hygiene has also become a priority. 




About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.