Heimdal
article featured image

Contents:

The Ragnar Locker ransomware gang claims responsibility for the cyberattack on Mayanei Hayeshua hospital from Israel.

The incident occurred in August 2023, and cybercriminals allegedly managed to steal 1TB of data. Now, the criminal gang threatens to leak all that exfiltrated information.

The Ragnar Locker Data Leak Site

The Ragnar Locker ransomware group created a new page on their data leak site dedicated to the hospital, according to MalwareHunterTeam.

Threat actors mentioned that although they did not encrypt devices because the victim was a hospital, they did steal data from the company.

First of all, we want to emphasize that since this is a medical institution – we didn’t run any encryption to avoid equipment malfunctions, or necessary instruments.

However, serious vulnerabilities allow us to download a lot of data and someone else in our place could use such vulnerability in any other way.

Ragnar Locker message (Source)

Threat actors leaked 420 GB of purportedly Mayanei Hayeshua stolen data so far. Furthermore, they threatened to disclose more over the following week.

Details about the Mayanei Hayeshua Attack

In the August 2023 cyberattack on Mayanei Hayeshua, the hospital’s computer systems for record-keeping were crippled, but the functionality of vital medical equipment remained unaffected.

As a result, the hospital was unable to admit new patients to its outpatient clinics and imaging centers. Individuals in need of emergency care needed to seek treatment at nearby medical facilities.

During the attack, Ragnar Locker alleges to have acquired sensitive data, encompassing medical records, procedural details, and medication prescriptions.

In a ransom note sent to Mayanei Hayeshua, the perpetrators assert that they have extracted 1 TB of information. This data includes a SQL database and email correspondence.

Why Threat Actors Target Hospitals?

Hospitals are lucrative targets for hackers because of the exceptionally sensitive patient information they store. This data can be exploited to demand substantial ransoms.

In recent months, there has been a surge in ransomware and extortion groups focusing on healthcare institutions, exemplified by Rhysida’s attacks on both Prospect Medical Holdings in the USA and Madeira Health Service (Sesaram).

If you want to keep up to date with everything we post, don’t forget to follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE