https://cybercourt.io
http://t.me/makhlab-al-nasr
Israeli national health insurance, they now seem to have taken a bunch of sites down and blocked non-Israeli access to the existing ones so it appears to be legit. Roughly 8 million records is 90%+ of their population, but the group has only released two samples (28k and 30k) to prove legitimacy. If true this is going to be hugely embarrassing when their actual casualty data is released.
Further, it contains personal information such as names, addresses and identifying documents for many of the users.
For the attack itself it appears that they didn't keep their network security infrastructure up to date; the F5 BIG-IP box they used as a firewall/gateway had an exploit (from late last year) that allows an external user to run system commands without being authenticated, which allowed them to create and use an admin account. They then appear to have used an MSSQL exploit to get an AD account to be able to use remote desktop, but I can't find anything on the AK-EXP script they ran for that.