Israel said Wednesday that Iran was behind a cyberattack three weeks ago on Shamir Medical Center, also known as Assaf Harofeh Hospital, part of a broader wave of Iranian attempts to target Israeli infrastructure and companies.
The National Cyber Directorate said the attack, which occurred on Yom Kippur, included a data breach and an effort to disrupt hospital operations. Although the attackers leaked medical information, the directorate said no medical services were harmed and the incident was contained early.
“At Shamir hospital, beyond the data leak itself, the attempt to harm a hospital in Israel crosses a red line that could have endangered human life,” said Yossi Karadi, head of the National Cyber Directorate.
Initially, a ransomware group from Eastern Europe claimed responsibility, posting an extortion demand with a 72-hour deadline. However, Israeli authorities later determined that Iranian actors were behind the attack.
The directorate said the incident was part of a larger campaign of cyberattacks on Israeli companies and critical service providers in recent weeks. More than ten private firms have faced various forms of cyberattacks, most of them through digital service providers that serve as links in supply chains.
Investigators found that in many recent incidents, hackers used stolen or leaked usernames and passwords to gain access to systems. While most attacks did not cause operational disruptions, some led to data leaks.
Officials said the damage could have been far worse without a coordinated response from the National Cyber Directorate, the Shin Bet security agency, government ministries and the Israel Defense Forces.
The directorate said it worked closely with affected companies and with the MIRROR Forum — a professional network of cybersecurity firms specializing in incident response.
“Thanks to close cooperation, rapid information sharing and a targeted response, the incidents were contained quickly and efficiently, preventing broader harm to Israel’s economy,” Karadi said.