Cyber Incident Victim: Eitanim Mental Health Center

On or around September 1, 2023, the Eitanim psychiatric hospital, identified as a branch of the Kfar Shaul Mental Health Center located near Jerusalem, experienced a significant operational disruption due to a suspected cyberattack. The Health Ministry of Israel issued a public statement confirming the incident on Tuesday, September 1st. In response to the event, hospital staff were compelled to cease using their standard digital systems and transition entirely to manual operational protocols to maintain the facility's functions. This shift to manual processes was a direct containment measure taken to isolate the disruption and prevent its potential spread to other areas of the hospital's network.

Despite the severe disruption to its administrative and operational computer systems, the core medical functions of the psychiatric hospital were reported to have continued without interruption. The Health Ministry's statement explicitly confirmed that medical treatments provided to patients at the facility were not impacted by the cyber incident. Doctors and medical personnel were able to carry on with patient care and treatment regimens undisrupted, indicating that critical clinical systems may have been segregated from the affected network or that contingency plans for clinical care were effectively implemented.

The management and response to the incident involved a transfer of authority from one government body to another. Initially, the matter was handled by the Health Ministry's internal cyber team. As the situation developed, the handling of the incident was formally transferred to the National Cyber Directorate, Israel's national-level agency responsible for defending against cyber threats. This escalation suggests the incident was considered serious enough to warrant national attention and resources beyond the capacity of the ministry's own team. The official statement did not provide details on the specific reasons for the transfer or the precise timing of when the National Cyber Directorate assumed control of the response effort.

The full scope of the damage caused by the suspected cyberattack remained unclear at the time of the public reporting. The Health Ministry's statement did not elaborate on the extent of the disruption, the specific systems that were compromised, or the nature of any potential data access or exfiltration. It was not publicly confirmed whether patient data or other sensitive information was accessed or stolen during the incident. Furthermore, no individual or group had been identified as responsible for the attack at the time the information was released. The investigation into the attribution and the complete impact of the event was ongoing.

This incident occurred within a broader context of cyber threats targeting the Israeli healthcare sector. In the month preceding the attack on Eitanim, another major medical facility, the Mayanei Hayeshua Medical Center in Bnei Brak, had been the subject of a cyber extortion threat. Hackers claimed to have stolen sensitive medical information pertaining to high-profile individuals, including politicians and rabbis such as Prime Minister Benjamin Netanyahu, and threatened to release this data unless their demands were met. The proximity of these two events highlighted a pattern of cyber aggression against critical healthcare infrastructure in the region, though a direct link between the two incidents was not established by authorities in the immediate aftermath of the Eitanim attack. The primary confirmed consequences of the incident were the operational shift to manual protocols and the involvement of national cybersecurity authorities, while patient care was successfully shielded from any negative effects.