Iran and Hezbollah were behind cyberattack on Israeli hospital, says National Cyber Directorate
Iran and Hezbollah were behind cyberattack on Israeli hospital, says National Cyber Directorate
A joint investigation revealed that the Iranian Ministry of Intelligence’s Agrius and Hezbollah’s Lebanese Cedar were behind the cyber attack on Ziv Medical Center at the end of November, in which 300,000 patient records were stolen
Hezbollah and Iran were responsible for last month’s cyber attack against Ziv Medical Center in Safed, according to an announcement on Monday by Israel's National Cyber Directorate. The perpetrators were identified in a joint investigation conducted by the NCD, the IDF and the Shin Bet. Their combined efforts succeeded in limiting the scope of the November attack and preventing disruption of the hospital’s operations.
In late November, a cyber attack on the hospital's computer systems was detected with a group of hackers claiming to have stolen 300,000 patient records which they threatened to publish online. They have since published the records on social media, with the state prosecutor’s office working to remove the sensitive information.
The joint investigation has revealed that behind the attack was a cyber group associated with the Iranian Ministry of Intelligence, as well as Hezbollah's cyber group. "The cyber attack group Agrius, affiliated with the Iranian Ministry of Intelligence, attempted in late November 2023 to carry out a cyber attack on Ziv Medical Center with the goal of disrupting its activity, amid Israel’s war with Hamas,” the NCD said. "The attack was carried out by the Iranian Ministry of Intelligence with the involvement of Hezbollah's cyber unit known as Lebanese Cedar, led by Mohammed Ali Marai."
Ziv Medical Center is the fourth Israeli hospital in the last two years to suffer a major cyber attack. In October 2021, a cyber attack on Hillel Yaffe Medical Center in Hadera caused disruptions to its operations. Last August, Mayanei Hayeshua Hospital in Bnei Brak was forced to halt treatments after an attack paralyzed its computer systems. A month and a half ago, attackers managed to encrypt the servers of the Eitanim psychiatric hospital, though it did not affect the institution's overall activity.