Black Shadow hackers leak medical records from 290,000 Israeli patients

In its second major leak in one day, the Black Shadow hacker group on Tuesday night uploaded what it said was the full database of personal information from Israel’s Machon Mor medical institute, including medical records for about 290,000 patients.

The database allegedly contains information about patients’ blood tests, treatments, appointments with gynecologists, CT scans, ultrasounds, colonoscopies, vaccinations for flights abroad and much more.

The documents allegedly include correspondence from patients, with requests concerning medical appointments, the need for procedures and test results.

Earlier Tuesday, Black Shadow released what it said was the full database of personal user information from the Atraf website, an LGBTQ dating service and nightlife index.

The group uploaded the file to a channel on the Telegram messaging app after its demand for a $1 million ransom in digital currency to prevent the leak apparently went unpaid.

The group wrote, in broken English, “48 hours ended! No one is sending us money. This is not the end, we have more plans.”

The group also posted screenshots of what it said were ransom negotiations. In the screenshots of the conversations, Black Shadow allegedly rejects a ransom of $500,000. CyberServe denied having negotiated with the hackers.

Black Shadow is a group of Iran-affiliated hackers who use cyber attacks for criminal purposes, according to Hebrew media.

Cyber experts immediately warned against downloading the file that the group had released.

The data leak has caused concern among those users of the Atraf site who have not publicly revealed their sexual orientation or gender identity.

When the ransom deadline expired on Tuesday, the group uploaded the file, which they said contained the names of Atraf users and their locations, as well as the HIV status that some users had put on their profiles.

Yoram Hacohen, head of the Israel Internet Association, said: “This is one of the most serious privacy attacks Israel has ever seen. Israeli citizens are experiencing cyberterrorism.”

“This is terrorism in every sense, and the focus now must be on minimizing the damage and suppressing the distribution of information as much as possible,” Hacohen told news site Ynet.

He argued that Telegram was partly responsible for the incident and that technology companies should act to limit the spread of private information on their platforms. He also urged Israel to use legal and technological means to remove malicious information online.

The group had originally hacked the Israeli internet hosting company CyberServe on Friday, shutting down its servers and a number of websites, among them Atraf.

Sunday morning, Black Shadow said in a statement that it was “looking for money” and would not leak further information if the ransom was paid within 48 hours.

“If we have $1 million in our [digital] wallet within the next 48 hours, we will not leak this information, nor will we sell it to anyone. This is the best thing we can do,” said the hacker group, noting that it was in possession of users’ chat content, as well as event tickets and purchase information.

The hackers said they had not been contacted by anyone in the Israeli government or CyberServe. The hackers said the lack of contact showed it was “obvious [the hack] is not an important issue for them.”

Israel’s National Cyber Directorate said on Sunday that it had previously warned CyberServe that it was vulnerable to attacks.

The cyber attack also hit other websites, including those of the Israeli public transport companies Dan and Kavim; a children’s museum; tourism company Pegasus; and Doctor Ticket, a service that could have sensitive medical data, according to Hebrew media.

Black Shadow claimed responsibility for the attack and released what it said was client data, including the names, email addresses and phone numbers of Kavim clients on Telegram.

Hours later, the group said it had not been contacted by authorities or CyberServe, so it released yet another batch of information, including what it said was data regarding customers from the Dan transport company and a travel agency.

The group breached Israel’s Shirbit insurance company last December and stole data. It demanded a ransom of $1 million and began leaking the information when the company refused to pay.

The new attack comes after an unprecedented, unannounced cyber attack that this week wreaked havoc on Iran’s gas distribution system, blamed by Tehran officials on Israel and the United States.

Iran and Israel have been involved in a so-called “shadow war”, including several reported attacks on Israeli and Iranian ships, which the two have blamed on each other, as well as cyber attacks.

In 2010, the Stuxnet virus – believed to have been constructed by Israel and its ally the United States – infected Iran’s nuclear program, causing a series of crashes in centrifuges used to enrich uranium.
