A cyberattack targeting Shamir Medical Center on Yom Kippur leaked hospital emails sent on September 25, some of which included patient information, the Health Ministry confirmed Friday.
According to an initial assessment by the Health Ministry and the National Cyber Directorate, the breach involved email correspondence to and from the hospital. Luckily, the attack was contained before the hospital’s central medical record system could be compromised.
The announcement followed a Thursday report of an attempted hack into the hospital’s servers during Yom Kippur that had been blocked, raising fears of broader damage.
Officials emphasized that there is no indication that information leaked from Chameleon, the hospital’s primary medical data platform, which contains patients' complete medical records. Protecting this system is considered critical to ensuring uninterrupted hospital operations. Hospital staff stressed that medical services remain fully operational and that patient care has not been affected.
The Health Ministry and the National Cyber Directorate continue to support the hospital, collaborating with law enforcement and certified security experts to assess the scope of the breach and enhance protections. The hospital has been instructed to enhance its security measures, restrict access to sensitive information, and prepare for potential follow-up attempts.
Previous cyberattacks on Israeli hospitals
The incident comes against the backdrop of repeated cyberattacks on Israeli hospitals in recent years.
In September 2023, Kfar Shaul Mental Health Center in Jerusalem was hit by ransomware that encrypted part of its servers, forcing staff to switch to manual procedures. Three months later, Ziv Medical Center in Safed was also forced to disconnect systems after a cyberattack disrupted operations until recovery was completed.
Those events followed the severe ransomware strike on Hillel Yaffe Medical Center in Hadera, which crippled systems for weeks and highlighted the dangers of such attacks. Collectively, they underscore the health sector’s growing vulnerability to cyber threats that can jeopardize essential medical services and expose sensitive patient data.
In recent years, the health system has tightened its information security policy. Measures include stricter access management, separating critical networks, maintaining isolated backups, real-time monitoring, and specialized training for clinical staff.
Officials emphasize that ongoing coordination among hospitals, the Health Ministry, and the National Cyber Directorate is crucial to preventing similar breaches and ensuring Israel’s healthcare infrastructure can withstand future cyber threats.