CLALIT Health Services, the largest health maintenance organisation in Israel, is investigating a suspected cyberattack after an Iranian-linked hacking group called Handala claimed it breached the insurer’s systems and published thousands of documents containing patients’ personal information.
The group has posted thousands of documents online, including medical referral forms known as Form 17, a payment authorisation required for certain treatments, sick leave certificates, test referrals and internal correspondence. Some materials appear to include personal details of patients and Clalit employees, as well as communications with the human resources department.
In a statement published online, the group claimed it had exposed sensitive medical information belonging to more than 10,000 patients and warned of further action. The disclosure follows claims of the breach and publication of patient files, prompting Clalit to probe the suspected cyberattack as investigators assess the scope and potential impact on affected individuals. The report was published on 25 February 2026.