Iran-linked Handala group hacked Israel's largest hospital network

An Iran-linked cyber criminal group has claimed that it successfully targeted Clalit, Israel’s largest state-owned non-profit healthcare organisation, and stole sensitive patient data. 

 

The cyber criminal group, calling itself Handala based on a historical Palestinian figure, claimed this week that it infiltrated the network of the Israeli healthcare giant and exfiltrated the sensitive healthcare information of more than 10,000 patients.

 

"You boast of possessing the most advanced technologies, yet now you helplessly witness the collapse of your security walls," the group wrote in a social media post, adding that the cyber attack had "delivered a devastating blow to the core of the Zionist regime’s healthcare system."

 

"We proudly declare that our action is a legitimate response to decades of occupation, oppression, and human rights violations by the Zionist regime," Handala added.

 

Clalit, which has a membership of about 4.9 million members and runs 14 hospitals, more than 1,600 clinics and over 800 pharmacies, said that after receiving reports of a cyber attack, it immediately launched an investigation to determine the nature of the breached data.

 

"Upon receipt of the report, monitoring and response mechanisms were activated, and proactive preventative measures were taken to strengthen defence, alongside a professional and comprehensive investigation of the information that was publicised, and its extent," the healthcare maintenance organisation said.

 

Handala has actively conducted hacktivism campaigns against the Israeli state, agencies and organisations and is considered to be aligned with the Iranian regime. According to the International Institute for Counter-Terrorism, the group is a sophisticated tool of Iranian psychological warfare, using leak campaigns, phishing, and propaganda to erode morale and project psychological dominance.

 

"The group systematically hacks, exposes, and threatens Israeli political officials, defence-sector personnel, and civilians, while also targeting companies and critical infrastructure, primarily in Israel," the report said. "Over the past year (2025), [Handala] has increasingly shifted from conventional cyber intrusions to targeted influence campaigns designed to erode morale, generate public pressure and drama, and project reach far beyond cyberspace."

 

Earlier in February, the hacker group successfully targeted Israeli Police and claimed that it stole 2.1 terabytes of sensitive data, including 350,000 records worth of personnel records, weapons inventories, medical and psychological profiles, legal case files, weapon permits, and identity documents. 

 

The stolen data also contained email addresses, gun licenses, photographs and personal contact details of officers, classified documents, and personal information about suspects and convicted criminals, including details about sex offender employment permits.

 

In September 2025, the group claimed that it hijacked the ground control stations of Spacecom, the Israeli satellite communications company, and exfiltrated 379 gigabytes of information, including non-disclosure agreements, employee records, satellite logs and other technical data.