Key Elements:
- Israel National Cyber Directorate (INCD) announced Iran and Hezbollah involvement in a cyber-attack on Ziv Medical Center in Safed.
- Hackers managed to access sensitive patient information but were prevented from interfering with the hospital’s physical functioning.
- The INCD identified hacker group AGRIUS, linked to the Iranian Intelligence Ministry and Hezbollah’s Lebanese Cedar group, as responsible for the attack.
- Consequently, hacktivist group “Predatory Sparrow” claimed responsibility for disabling the majority of gas stations across Iran in a likely retaliation.
On Monday, the Israel National Cyber Directorate (INCD) revealed Iran and Hezbollah were behind last month’s cyber-attack on Ziv Medical Center in Safed. According to INCD, the objective of the attack wasn’t solely to disrupt the hospital’s operations, but also to weaken Israel’s overall resilience during a time when many hospitals in the country were overwhelmed with wounded civilians and soldiers from the ongoing war.
The hackers successfully breached the hospital’s information security systems and accessed sensitive patient data, which was subsequently published online. Nonetheless, the hospital and INCD efficiently blocked the attackers from disrupting the physical operations of Ziv. Despite temporary setbacks in the hospital’s electronic services, none of the medical center’s actual medical equipment was compromised.
The INCD disclosed that the hacker group AGRIUS, associated with the Iranian Intelligence Ministry, and the Lebanese Cedar group, linked to Hezbollah, were responsible for the cyber-attack. Mohammed Ali Marai was identified as the main operator of the Hezbollah hacking group. The directorate maintained the court order preventing the publicising of any stolen personal data on websites under Israeli jurisdiction.
In a likely retaliation, a hacktivist group called “Predatory Sparrow” declared on Monday that it had carried out a cyber-attack that disabled the majority of gas stations across Iran. The group has also claimed responsibility for past cyberattacks on Iranian gas stations, railway systems, and steel plants. Tehran has accused Israel and Mossad of involvement in these attacks, with some Israeli officials unofficially confirming the same.
While INCD has managed to compel some online sites to remove some of the publicly posted personal data, it has not explained why hackers succeeded in breaching the Ziv Medical Center’s data security systems or assessed the damage inflicted by the data leak.