Ransomware victim disclosure
← All victimsZiv Medical Center
listed as ZIV Hospital · Claimed by Malekteam · listed 3 years ago
Status timeline
- ListedDec 24, 2023
- Data leakeddate unknown
At a glance
- Group
- Malekteam
- Status
- Data leaked
- Country
- Israel
- Sector
- Healthcare
- Listed on leak site
- Dec 24, 2023
- Records
- 300.000 patients
About the victim
AI dossier — public-source company profileZiv Medical Center is a hospital located in Safed in northern Israel. It provides general medical and surgical services to patients in the region.
- Industry
- Healthcare — Hospital
- Address
- 1 Rambam Street, Safed, Israel
Attack summary
Severity: critical — Alleged exfiltration of sensitive personal health information at massive scale (300,000+ patients), including PII, medical records, and genetic/biological data. This constitutes regulated health data under Israeli law and international standards (HIPAA-equivalent). Healthcare data breaches of this magnitude affecting identified individuals pose severe privacy and safety risks.The malekteam group claims to have exfiltrated patient data from Ziv Medical Center, including records for over 300,000 patients and companions. The group alleges they obtained names, identity numbers, contact information, medical histories, genetic codes, DNA and RNA data.
Data the group says was taken
AI dossier — extracted from the leak post- Patient names
- Identity numbers
- Contact numbers and emails
- Medical diagnoses and medications
- Genetic codes
- DNA samples
- RNA samples
What the group claims
The ZIV medical center in northern Israel, in Safed, hacked by Malek team 🔥 based on this successful cyber attack, we have the information of more than 300,000 patients and companions ☠️documents including:🩸 names & identity numbers,🩸 contact numbers and emails,🩸 types of diseases and drugs,🩸 genetic codes of patients,️🩸 their DNAs & RNAs,🩸 & etc ...MALEK TEAM has everything 🔪🩸
Sources
- Victim siteziv.org.il
- Leak posthttp://195.14.123.2/ziv.html
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

