Iran and Hezbollah Conduct Cyberattack on Israeli Hospital

Latest Developments

The Israeli National Cyber Directorate confirmed on December 18 that Iran was responsible for a cyberattack on an Israeli hospital in late November. The hackers, working on behalf of Iranian intelligence and led by Hezbollah operatives, penetrated the Ziv Medical Center’s information system, stealing patient records and forcing the hospital to temporarily revert to non-electronic records. The hackers boasted that they stole 500 gigabytes of data, including 100,000 health records of Israeli soldiers. The hackers intended to undermine patient care, the directorate warned. Combined action by the hospital and Israeli security forces, however, prevented the hackers from compromising medical equipment.

Expert Analysis

“FBI Director Christopher Wray warned back in October that Iran might launch cyberattacks on critical infrastructure as the Israel-Hamas war continued, and that is exactly what we are seeing. The regime in Tehran is attempting to compromise American and Israeli companies because it knows that cyberattacks on civilian infrastructure can undermine public confidence and Israel’s ability to mobilize and flow military forces. Iranian hackers have so far been unable to cause significant disruptions, but a more forceful response in cyberspace is needed to send a clearer message to Tehran to change course.” — RADM (Ret.) Mark Montgomery, Senior Director of FDD’s Center on Cyber and Technology Innovation and FDD Senior Fellow

“Cyberattacks on healthcare systems not only affect patient privacy and the hospital’s financial well-being. They can directly affect patient care and outcomes. When hospitals must operate at a degraded level because they do not have access to electronic records, mortality rates rise, waiting room times lengthen, and some patients go unseen. Quick incident response by the Israeli hospital staff and Israeli government operatives ensured the hackers did not succeed in their ultimate goal and provides a model of public-private collaboration that U.S. critical healthcare infrastructure can, and should, emulate.” — Michael Sugden, Research Analyst and Editorial Associate at FDD’s Center on Cyber and Technology Innovation

Cyberattacks on Israel Skyrocket During the War

Cyberattacks against Israel have increased in frequency, intensity, and sophistication since the war began, according to cybersecurity firm Check Point. In recent weeks, pro-Hamas operatives and Iranian hacktivists and government-backed groups have also increased attacks against perceived allies of Israel. An Israeli group also reportedly launched retaliatory cyberattacks, temporarily disrupting the operation of gas stations in Iran. The group claimed to have conducted a “controlled” attack that avoided disrupting emergency services.

Iran Attacks American Critical Infrastructure

Iran has a long history of attacking critical infrastructure. Its first cyber operations over a decade ago included a destructive attack on Saudi Aramco and disruptive attacks on the U.S. financial system. Iran attempted to poison Israel’s water system in 2020. Two years ago, Iranian hackers targeted Boston Children’s Hospital in what FBI Director Chris Wray called “one of the most despicable cyberattacks.” And earlier this month, the FBI confirmed that Iranian hackers compromised as many as 10 small water utilities across the United States. The U.S. intelligence community has warned that Iran’s “growing expertise and willingness to conduct aggressive cyber operations” makes its operatives a “major threat” to U.S. and allied critical infrastructure.

Related Analysis

“Iranian Hackers Compromise American Water Utilities,” by Annie Fixler and Suyash Pasi

“FBI Director Warns of Increased Risk of Iranian Cyberattacks,” FDD Flash Brief

“Cyber Command Should Tap on Iran’s Windows,” by RADM (Ret.) Mark Montgomery and Annie Fixler

“Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care,” by Michael Sugden