The Assaf Harofeh Medical Center in the central city of Beer Yaakov was targeted by a cyberattack over Yom Kippur, according to a joint announcement from the hospital, the Health Ministry and the National Cyber Directorate.
Authorities were investigating the possibility of a leak as a result of the attack.
While the statement said the attack was “blocked in its initial stages,” a Russian-speaking cybercrime organization threatened to publish patient data and demanded a $700,000 ransom.
The Ynet news outlet reported that the attack briefly shut down a medical records system used by hospitals across Israel, including Assaf Harofeh, which is also known as the Shamir Medical Center. The hospital’s core operations continued uninterrupted and it is back to normal, according to reports.
According to the Ynet report, the hack was alleged to have been perpetrated by Qilin, a Russian-speaking cybercrime organization thought to be based in Eastern Europe. The group also hacked into London hospitals last year, according to The Guardian, stopping tests and operations.
Get The Times of Israel’s Daily Edition
by email and never miss our top stories
By signing up, you agree to the terms
Ynet published a message posted by Qilin claiming to have obtained a large amount of data that it threatened to release within three days.
“We have successfully infiltrated and gained full access to your systems at Shamir Hospital, the largest medical facility in Israel,” the post says. “Over the course of our operation, we have exfiltrated approximately 8 terabytes of sensitive and confidential data. This data includes patient records, internal communications, and critical operational information. We demand a ransom payment to prevent this information from being publicly released.”
קבוצת התקיפה Qilin מפרסמת כקרבן את בית החולים שמיר (אסף הרופא).
הקבוצה טוענת כי היא מחזיקה ב-8TB של מידע, חלקו מידע רפואי רגיש. ומציבה דדליין של 72 שעות לתשלום דמי הכופר לפני שהמידע יפורסם. https://t.co/AkAl9PPesT pic.twitter.com/53fjE47ZlG
— חדשות סייבר (@CyberIL) October 2, 2025
The ransom note warned the hospital not to involve law enforcement and added, “Failure to comply with our demands will result in the immediate publication of all stolen data, causing irreparable damage to your institution and compromising patient privacy.”
The records system that was reportedly infiltrated contains data on patient visits and prescriptions, Ynet reported.
The outlet also said the ransom note was addressed to “Bibi and Sara,” referring to Prime Minister Benjamin Netanyahu and his wife, though that text did not appear in the screenshot Ynet published.
Is The Times of Israel important to you?
If so, we have a request.
Every day, even during war, our journalists keep you abreast of the most important developments that merit your attention. Millions of people rely on ToI for fast, fair and free coverage of Israel and the Jewish world.
We care about Israel – and we know you do too. So today, we have an ask: show your appreciation for our work by joining The Times of Israel Community, an exclusive group for readers like you who appreciate and financially support our work.
Already a member? Sign in to stop seeing this
You appreciate our journalism
You clearly find our careful reporting valuable, in a time when facts are often distorted and news coverage often lacks context.
Your support is essential to continue our work. We want to continue delivering the professional journalism you value, even as the demands on our newsroom have grown dramatically since October 7.
So today, please consider joining our reader support group, The Times of Israel Community. For as little as $6 a month you’ll become our partners while enjoying The Times of Israel AD-FREE, as well as accessing exclusive content available only to Times of Israel Community members.
Thank you,
David Horovitz, Founding Editor of The Times of Israel