Shamir Medical Center (Assaf Harofeh Hospital)

Shamir Medical Center, a major Israeli hospital, was targeted in a cyberattack on Yom Kippur by Iranian actors, initially misattributed to an Eastern European ransomware group. The attack involved a data breach where medical information was leaked, though no medical services were disrupted. Authorities emphasized that the incident crossed a critical red line, as it risked endangering human life by targeting a healthcare facility. The attackers exploited stolen credentials to infiltrate systems, part of a broader campaign against Israeli infrastructure. While the breach was contained early, the leak of sensitive patient data posed severe reputational and operational risks. Israeli cybersecurity agencies, including the National Cyber Directorate and Shin Bet, collaborated to mitigate the damage, preventing more severe consequences like service outages or direct harm to patients. The attack underscored vulnerabilities in supply chain-linked digital service providers, with over ten private firms affected in recent weeks.

Source: https://www.ynetnews.com/tech-and-digital/article/rki5j78cxe

TPRM report: https://www.rankiteo.com/company/assaf-harofeh-medical-center-official-page

"id": "ass4232942102225",
"linkid": "assaf-harofeh-medical-center-official-page",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Israel',
                        'name': 'Shamir Medical Center (Assaf Harofeh '
                                'Hospital)',
                        'type': 'Hospital'}],
 'attack_vector': ['Stolen/Leaked Credentials',
                   'Supply Chain (via digital service providers)'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (medical records)',
                 'type_of_data_compromised': ['Medical Information']},
 'date_detected': '2023-10-04T00:00:00Z (approximate, Yom Kippur 2023)',
 'date_publicly_disclosed': '2023-10-25T00:00:00Z (Wednesday, three weeks '
                            'after the attack)',
 'description': 'Israel attributed a cyberattack on Shamir Medical Center '
                '(Assaf Harofeh Hospital) to Iran, part of a broader campaign '
                'targeting Israeli infrastructure. The attack, occurring on '
                'Yom Kippur, involved a data breach and an attempt to disrupt '
                'hospital operations. Medical information was leaked, but no '
                'medical services were harmed. Initially, a ransomware group '
                'from Eastern Europe claimed responsibility, but Israeli '
                'authorities later identified Iranian actors as the '
                'perpetrators. The incident was contained early, with '
                'coordinated efforts from the National Cyber Directorate, Shin '
                'Bet, government ministries, and the IDF. The attack was part '
                'of a larger wave targeting Israeli companies and critical '
                'service providers, often exploiting stolen or leaked '
                'credentials.',
 'impact': {'brand_reputation_impact': 'Moderate (public disclosure of data '
                                       'leak and Iranian attribution)',
            'data_compromised': True,
            'identity_theft_risk': 'Potential (medical data leaked)',
            'operational_impact': 'Attempted disruption (no actual harm to '
                                  'medical services)',
            'systems_affected': ['Hospital IT Systems']},
 'initial_access_broker': {'entry_point': ['Stolen/Leaked Credentials',
                                           'Supply Chain (digital service '
                                           'providers)'],
                           'high_value_targets': ['Hospital IT Systems',
                                                  'Medical Data']},
 'investigation_status': 'Ongoing (part of broader campaign analysis)',
 'lessons_learned': 'Importance of coordinated response among national cyber '
                    'agencies, supply chain security vulnerabilities, and the '
                    'risks of credential theft in critical infrastructure.',
 'motivation': ['Geopolitical',
                'Disruption of Critical Infrastructure',
                'Data Theft'],
 'post_incident_analysis': {'corrective_actions': ['Enhanced monitoring by '
                                                   'National Cyber Directorate',
                                                   'Collaboration with MIRROR '
                                                   'Forum for incident '
                                                   'response'],
                            'root_causes': ['Weak credential security',
                                            'Supply chain vulnerabilities',
                                            'Geopolitical targeting']},
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': 'Extortion demand with 72-hour deadline '
                                   '(false flag by Eastern European group)'},
 'recommendations': ['Strengthen credential security (e.g., MFA)',
                     'Enhance supply chain cybersecurity',
                     'Improve early detection and containment capabilities',
                     'Foster public-private collaboration for incident '
                     'response'],
 'references': [{'source': 'The Times of Israel / Israeli National Cyber '
                           'Directorate'}],
 'response': {'communication_strategy': ['Public disclosure by National Cyber '
                                         'Directorate',
                                         'Statements by Yossi Karadi (head of '
                                         'National Cyber Directorate)'],
              'containment_measures': ['Early containment by National Cyber '
                                       'Directorate',
                                       'Coordination with Shin Bet, IDF, and '
                                       'government ministries'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': True},
 'stakeholder_advisories': ['National Cyber Directorate warnings to Israeli '
                            'companies',
                            'MIRROR Forum (cybersecurity incident response '
                            'network)'],
 'threat_actor': 'Iranian State-Sponsored Actors (initially misattributed to '
                 'Eastern European ransomware group)',
 'title': 'Cyberattack on Shamir Medical Center (Assaf Harofeh Hospital) by '
          'Iranian Actors',
 'type': ['Cyberattack',
          'Data Breach',
          'Disruption Attempt',
          'Ransomware (false flag)'],
 'vulnerability_exploited': 'Weak or Compromised Credentials'}