Black Shadow hackers leak medical records of 290,000 Israeli patients
In its second major leak in one day, hacking group Black Shadow uploaded what it said was the Israeli Medical Institute Machon Mor’s comprehensive database of personal information on Tuesday evening, including medical records from some 290,000 patients.
The directory would include information on patients’ blood tests, treatments, gynecologist appointments, CT scans, ultrasounds, colonoscopies, vaccinations for overseas flights, etc.
The documents would include correspondence from patients with requests including medical appointments, the need for procedures and test results.
Earlier on Tuesday, Black Shadow released what it said was the comprehensive database of personal information for users of the Atraf website, an LGBTQ dating service and nightlife index.
The group uploaded the file to a channel on the Telegram messaging app after a $ 1 million digital currency ransom demand to prevent the leak apparently went unpaid.
The group wrote, in broken English, “48 hours over! Nobody sends us money. This is not the end, we have more plans.
The group also posted screenshots of what they said were ransom negotiations. In the footage of the conversations, Black Shadow is said to have refused a ransom of $ 500,000. CyberServe has denied having negotiated with the hackers.
Black Shadow is a group of hackers linked to Iran who use cyberattacks for criminal purposes, according to Hebrew media.
Cyber experts immediately warned against downloading the file the group had posted.
The data leak has raised concern among users of the Atraf site who have not publicly disclosed their sexual orientation or gender identity.
As the ransom deadline passed on Tuesday, the group uploaded the file, which they said contained the names of Atraf users and their locations, as well as the HIV status some users had put on their profiles.
Yoram Hacohen, director of the Israel Internet Association, said: “This is one of the most serious attacks on privacy that Israel has ever seen. Israeli citizens are subjected to cyberterrorism. “
“It is terrorism in every sense of the word and the emphasis must now be on minimizing the damage and suppressing the dissemination of information as much as possible,” Hacohen told the Ynet news site.
He argued that Telegram was partly responsible for the incident and that tech companies should act to limit the spread of private information on their platforms. He also called on Israel to use legal and technological means to remove harmful information online.
The group initially hacked Israeli internet hosting company CyberServe on Friday, dismantling its servers and a number of sites, including Atraf.
On Sunday morning, Black Shadow said in a statement that he was “looking for money” and would not release further information if the ransom was paid within 48 hours.
“If we have $ 1 million in our [digital] portfolio within the next 48 hours, we will not disclose this information and we will not sell it to anyone. It’s the best thing we can do, ”the hacking group said, noting that it was in possession of users’ chat content, as well as event tickets and purchase information.
The hackers said they had not been contacted by anyone from the Israeli government or CyberServe. Hackers said the lack of contact showed it was “obvious [the hack] is not a major problem for them.
Israel’s National Cyber Security Directorate said on Sunday it had previously warned CyberServe it was vulnerable to attacks.
The cyberattack also hit other websites, including Israeli public transport companies Dan; Kavim, a children’s museum; Pegasus tourism company; and Doctor Ticket, a service that could contain sensitive medical data, according to Hebrew media.
Black Shadow claimed responsibility for the attack and posted what he said was customer data, including the names, email addresses and phone numbers of Kavim customers on Telegram.
Hours later, the group said it had not been contacted by authorities or CyberServe. So he released another wealth of information, including data relating to customers of the transport company Dan and a travel agency.
The group raped Israeli insurance company Shirbit in December last year, stealing data. He demanded a million dollar ransom and began leaking the information when the company refused to pay.
The new attack comes after an unprecedented and unclaimed cyberattack that wreaked havoc on Iran’s gas distribution system this week, which Tehran officials blamed on Israel and the United States.
Iran and Israel have engaged in a so-called “shadow war,” including several reported attacks on Israeli and Iranian ships that the two have blamed on each other, as well as cyber attacks.
In 2010, the Stuxnet virus – believed to have been engineered by Israel and its ally the United States – infected Iran’s nuclear program, causing a series of failures in the centrifuges used to enrich uranium.