Israeli Nursing Homes Under Siege: Latest Cyberattack Reveals Escalating Threats to Healthcare Infrastructure

November 28, 2025 — Israeli nursing homes have become the latest victims in an escalating wave of cyberattacks targeting the nation's healthcare sector, according to a Thursday announcement from the National Cyber Directorate. The attack, which compromised computer services used by multiple nursing facilities and private companies, has triggered a coordinated response from government agencies working to contain the damage and prevent further disruption to vulnerable populations.

Former Trump National Security Adviser John Bolton Indicted: Iran Hacked Email Account Containing Top Secret Information

Federal grand jury charges Bolton with 18 counts of mishandling classified documents as Iranian cyber actors accessed his personal email—part of Tehran’s expanding cyber warfare campaign Former National Security Adviser John Bolton was indicted Thursday by a federal grand jury in Maryland on 18 criminal counts related to the

Breached CompanyBreached Company

The Attack: What We Know

The National Cyber Directorate confirmed that computer services utilized by nursing homes, along with several other private companies, were targeted in an ongoing cyberattack. The incident prompted immediate coordination between the National Cyber Directorate, the Health Ministry, and the Social Affairs Ministry to mitigate potential harm to elderly residents who depend on these facilities for care.

The directorate characterized the situation as under active investigation, while officials have established direct communication channels with affected nursing homes to minimize service disruptions. The attack represents a particularly concerning development given the vulnerability of nursing home populations and their dependence on continuous care services.

Iranian Cyber Actors Target Critical Infrastructure Networks: A Growing Threat

In October 2024, the National Security Agency (NSA), alongside several international cybersecurity bodies, issued a stern warning about a new wave of cyberattacks led by Iranian cyber actors. These malicious campaigns have targeted multiple critical infrastructure sectors, raising concerns about the vulnerabilities faced by essential services worldwide. From healthcare and

Breached CompanyBreached Company

Part of a Broader Campaign

This latest incident fits within a disturbing pattern. There have been dozens of cyberattacks directed at Israeli companies and civilians since the start of 2025, indicating a sustained campaign against the nation's critical infrastructure and private sector.

Security researchers have identified Iranian actors as the likely perpetrators behind many of these attacks. A wave of cyberattacks targeting Israeli companies that provide IT services to businesses across the country, possibly connected to Iran, has been identified. The pattern suggests a sophisticated strategy of targeting IT service providers to gain access to multiple downstream organizations simultaneously.

Iranian Attribution and Tactics

According to the directorate's investigation, the hackers used stolen information to gain access to the targeted systems. This technique, known as credential harvesting, allows attackers to bypass many traditional security measures by using legitimate access credentials obtained through previous breaches or social engineering campaigns.

The attribution to Iranian actors gained credibility after the October Yom Kippur attack on Shamir Medical Center. The unsuccessful cyberattack targeting Shamir Medical Center on Yom Kippur earlier this month, which leaked emails containing sensitive patient information, was deemed by the directorate to be an Iranian attempt to disrupt the hospital's functions.

Iranian Cyber Espionage: Lemon Sandstorm’s Prolonged Attack on Middle East Critical Infrastructure

Introduction Between May 2023 and February 2025, the Iranian state-sponsored hacking group Lemon Sandstorm, also known as Rubidium, Parisite, Pioneer Kitten, or UNC757, conducted a sophisticated and prolonged cyber espionage campaign targeting critical infrastructure in the Middle East. Exploiting vulnerabilities in VPN systems from Fortinet, Pulse Secure, and Palo Alto

Breached CompanyBreached Company

What made the Shamir case particularly revealing was the initial misdirection. Initially, a ransomware group from Eastern Europe claimed responsibility, posting an extortion demand with a 72-hour deadline. However, Israeli authorities later determined that Iranian actors orchestrated the operation. This false flag tactic demonstrates the sophistication of state-sponsored operations attempting to mask their true origins.

Healthcare Sector Vulnerability

The targeting of nursing homes follows a concerning trend of attacks against Israel's healthcare infrastructure. Recent incidents paint a picture of systematic vulnerability:

October 2025: The Shamir Medical Center attack leaked hospital emails from September 25, some containing patient information. According to an initial assessment by the Health Ministry and the National Cyber Directorate, the breach involved email correspondence to and from the hospital. Fortunately, the hospital's primary medical record system, Chameleon, remained secure.

September 2023: Kfar Shaul Mental Health Center in Jerusalem was hit by ransomware that encrypted part of its servers, forcing staff to switch to manual procedures.

December 2023: Ziv Medical Center in Safed was also forced to disconnect systems after a cyberattack disrupted operations until recovery was completed.

These attacks collectively reveal healthcare as a priority target, likely due to the sector's critical nature, the sensitivity of patient data, and historically weaker cybersecurity postures compared to other industries.

Iranian Interference in the 2024 U.S. Election: A Comprehensive Overview

Recent allegations have surfaced regarding Iranian interference in the 2024 U.S. presidential election, specifically targeting Donald Trump’s campaign. This situation has sparked significant controversy and concern about foreign influence in American politics. Background of the Allegations Donald Trump recently tweeted accusations that Iran was caught spying on his campaign

Breached CompanyBreached Company

The Broader Threat Landscape

Beyond infrastructure attacks, Iranian cyber operations have expanded to include sophisticated targeting of individuals. Since the start of 2025, Israel has thwarted dozens of Iranian cyberattacks targeting prominent civilians, including security officials, politicians, academics, journalists, and media professionals. These operations aim to collect intelligence that could facilitate physical attacks within Israel.

Yossi Karadi, head of the National Cyber Directorate, emphasized the severity of healthcare targeting: "In the case of Shamir Medical Center, beyond the data leak, the very attempt to harm a hospital in Israel is a red line that could have endangered lives".

Response and Mitigation

The coordinated government response to the nursing home attacks demonstrates improved institutional preparedness following previous incidents. Quick communications and a hasty, focused response prevented broader harm to the economy by containing the incidents quickly and efficiently, according to Karadi.

Iran’s Cyber Warfare: The Hack on the Trump Campaign and the Blowback on Iran’s Infrastructure

In the shadowy world of cyber warfare, where nation-states wield keyboards instead of swords, the recent confrontation between Iran and the United States highlights the growing complexity and danger of digital conflicts. The most recent chapter in this ongoing saga involved Iran’s hacking of the Trump campaign, followed by

Breached CompanyBreached Company

In recent years, the health system has tightened its information security policy, implementing measures including stricter access management, network segmentation, isolated backup systems, real-time monitoring, and specialized staff training.

The directorate has urged heightened public awareness and immediate reporting of suspicious activity, recognizing that human vigilance remains a critical defense layer against sophisticated cyber threats.

Strategic Implications

The targeting of nursing homes represents a potential escalation in cyber warfare tactics. These facilities house some of Israel's most vulnerable citizens—elderly individuals often dependent on continuous medical care and support services. Any disruption to their operations could have immediate life-threatening consequences.

“Good Luck Mr. Mustache”: Iranian Hackers Mocked Bolton While Threatening to Leak Top Secret Files

Newly unsealed search warrant reveals Iranian cyber actors taunted former National Security Advisor John Bolton about compromised classified documents, highlighting the human element of state-sponsored cyber extortion campaigns Executive Summary Newly unsealed FBI affidavits reveal that Iranian hackers who breached former National Security Advisor John Bolton’s personal AOL email account

Breached CompanyBreached Company

The attacks also highlight the challenge of supply chain security. More than ten private firms have faced cyberattacks, often exploiting vulnerabilities in digital service providers within supply chains. This approach allows attackers to compromise multiple organizations simultaneously by breaching a single shared service provider.

Looking Forward

As investigations continue into the nursing home attacks, several critical questions remain: How many facilities were affected? Was any resident care compromised? Were medical records accessed? And most importantly, what additional security measures will be implemented to protect these vulnerable populations?

The pattern of attacks throughout 2025 suggests that Israeli healthcare infrastructure will remain a priority target for adversaries. The ongoing coordination between the National Cyber Directorate, Health Ministry, and affected organizations will be crucial in preventing future incidents and ensuring that critical care services remain resilient against cyber threats.

The Cyber Proxy War: How Israel and Iran Are Fighting Through Hacktivist Coalitions

As tensions escalate between Israel and Iran, a shadow war is being fought in cyberspace by dozens of hacktivist groups serving as digital proxies. From coordinated DDoS attacks to infrastructure sabotage, this parallel conflict reveals how modern warfare has evolved beyond traditional battlefields. On June 13, 2025, as Israeli jets

Breached CompanyBreached Company

For nursing homes and healthcare providers, the message is clear: cybersecurity can no longer be treated as an IT issue alone—it's a patient safety imperative that requires executive-level attention, adequate resources, and continuous vigilance.

Organizations experiencing suspicious cyber activity are encouraged to immediately contact the National Cyber Directorate and implement their incident response procedures.

Digital Siege at Sea: The Escalating Cyber War Against Iran’s Maritime Empire

Executive Summary In the digital age, warfare has expanded beyond traditional battlefields to encompass the invisible realm of cyberspace, where a single compromised computer system can paralyze entire fleets. The ongoing cyber campaign against Iran’s maritime operations represents one of the most sophisticated and sustained digital sieges in modern history,

Breached CompanyBreached Company