Shamir Medical Center (Assaf HaRofeh), one of Israel’s largest hospitals, was hit by a cyberattack on Thursday, during Yom Kippur. A ransomware group known as Qilin has claimed responsibility for the attack in a post on its dark web site. The group alleges it has gained access to the facility’s internal systems and extracted roughly 8 terabytes of sensitive data.
In Qilin’s statement, the group claimed it had infiltrated Shamir’s IT network, exfiltrated large volumes of data, and demanded a ransom within 72 hours. Failure to comply, they warned, would result in the full release of the stolen data online.
The data reportedly includes internal communications, operational documents, and confidential patient records. While only a few sample files have been released as proof, the volume of data claimed suggests that the scope of the breach could be extensive. Despite the attack being halted in its early stages, Israel’s Ministry of Health has now admitted that some emails from the hospital from the past week had been leaked by the attackers.
Qilin, which has been active since 2022, is currently considered one of the most prolific ransomware groups of the year, linked to over 570 attacks globally. Their operations are believed to be based in Russia or Russian-speaking regions.
This incident highlights growing concerns around cybersecurity in healthcare environments. Medical institutions are particularly vulnerable due to the critical nature of their services and the sensitivity of the data they handle. Beyond potential disruptions to patient care, a breach of this scale may expose patients to identity theft, fraud, or other forms of digital exploitation.
Attacks timed around national holidays or unique periods are a known tactic among ransomware groups, intended to exploit reduced staffing and slower response times. The fact that this incident occurred during Yom Kippur may have been a calculated decision by the attackers.
The incident underscores the need for healthcare institutions to continuously update their cybersecurity protocols and incident response capabilities in light of increasingly aggressive ransomware activity.