Iranian-Linked Hackers Leak Sensitive Data from Israel’s Largest Healthcare Provider
A suspected cyberattack targeting Clalit Health Services, Israel’s largest health maintenance organization (HMO), has exposed thousands of sensitive documents, including patient records and internal communications. The breach was claimed by Handala, a hacking group with alleged ties to Iran, which published the stolen data online.
The leaked files include medical referral forms (Form 17), sick leave certificates, test referrals, and HR correspondence, some containing personal details of patients and employees. The group asserted that the breach compromised data belonging to over 10,000 patients and warned of further disclosures.
Clalit confirmed it is investigating the incident, which appears to be part of a broader trend of Iranian-linked cyber operations targeting Israeli critical infrastructure. The attack follows recent ransomware campaigns by other threat actors, including the Lazarus Group, which has adopted Medusa ransomware to extort healthcare and nonprofit organizations.
The breach underscores the growing threat of state-aligned hacking groups exploiting healthcare data, raising concerns over patient privacy and operational disruptions in the sector. No ransom demand has been publicly disclosed, but the incident aligns with escalating cyber tensions in the region.
Clalit Health Services cybersecurity rating report: https://www.rankiteo.com/company/clalit-health-services
"id": "CLA1772058455",
"linkid": "clalit-health-services",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Over 10,000 patients',
'industry': 'Healthcare',
'location': 'Israel',
'name': 'Clalit Health Services',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Over 10,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (patient and employee personal '
'details)',
'type_of_data_compromised': ['Medical referral forms (Form '
'17)',
'Sick leave certificates',
'Test referrals',
'HR correspondence']},
'description': 'A suspected cyberattack targeting Clalit Health Services, '
'Israel’s largest health maintenance organization (HMO), has '
'exposed thousands of sensitive documents, including patient '
'records and internal communications. The breach was claimed '
'by Handala, a hacking group with alleged ties to Iran, which '
'published the stolen data online. The leaked files include '
'medical referral forms (Form 17), sick leave certificates, '
'test referrals, and HR correspondence, some containing '
'personal details of patients and employees. The group '
'asserted that the breach compromised data belonging to over '
'10,000 patients and warned of further disclosures.',
'impact': {'brand_reputation_impact': 'Negative impact on brand reputation '
'due to data exposure',
'data_compromised': 'Thousands of sensitive documents, including '
'patient records and internal communications',
'identity_theft_risk': 'High risk due to exposure of personally '
'identifiable information',
'operational_impact': 'Potential operational disruptions in '
'healthcare services'},
'investigation_status': 'Ongoing',
'motivation': 'State-aligned cyber operations, geopolitical tensions',
'references': [{'source': 'Cyber Incident Description'}],
'threat_actor': 'Handala',
'title': 'Iranian-Linked Hackers Leak Sensitive Data from Israel’s Largest '
'Healthcare Provider',
'type': 'Data Breach'}