Major Israeli hospital hit by Qilin ransomware attack

Threat actors have claimed a cyber attack on a major Israeli hospital, exfiltrating and leaking data.

The Shamir Medical Center was listed on the dark web leak site of the Qilin ransomware gang, which claimed to have gained access to the hospital’s systems.

“We have successfully infiltrated and gained full access to your systems at Shamir Hospital, the largest medical facility in Israel,” the group wrote on its dark web leak site.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“Over the course of our operation, we have exfiltrated approximately 8 terabytes of sensitive and confidential data.”

The threat actor said data includes internal communications, data pertaining to critical operations, and patient records, backing its claims with a sample containing four documents.

“We demand a ransom payment to prevent this information from being publicly released. Failure to comply with our demands will result in the immediate publication of all stolen data, causing irreparable damage to your institution and compromising patient privacy,” Qilin said.

Cyber Daily observed that the Shamir Medical Center website was inaccessible at the time of writing, blocked by a security service warning.

Qilin said the medical centre had 72 hours to respond and begin negotiations, and warned that any involvement of law enforcement would “accelerate” the release of the data.

The Qilin ransomware-as-a-service operation was first observed in August 2022 and has claimed 698 victims since, making it one of the most active ransomware groups currently active.

VIEW ALL

As a ransomware-as-a-service operation, Qilin hires out its ransomware to affiliates in return for a cut of any ransom payment.

Qilin’s most recent Australian victim was the Wyong Rugby League Club, which was listed by the hackers on 17 August.

“Wyong Rugby League Club, Australia, is a network of 12 organisations, each offering entertainment, recreational and dining opportunities and promoting membership of their club. It is the membership card that opens up a full range of entertainment for its holder. And these cards have become the company’s weakest point,” Qilin said in its leak post.

“The company promised its customers that all this information would be completely confidential and would never be made public. And now this data, several thousand lines, has become available to everyone.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Major Israeli hospital hit by Qilin ransomware attack

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

FOLLOW US ON