Major Data Breaches in the UAE and Morocco
11.06.2025

In this weekly update, we review news from the Middle East and Africa. Another data breach struck a healthcare facility in the UAE, continuing a series of attacks on the medical industry. Morocco is again in the news, as criminals have breached two companies there, exposing a large trove of sensitive data.

Malicious actors continue to target companies in the UAE. This time, the American Hospital in Dubai (AHD) fell victim to an attack. Adversaries were able to exfiltrate 4 TB of data, reportedly the entire Oracle Health database with 450 million records. According to the reports, 4.6 million individuals were affected by the data breach.

AHD has not yet issued an official statement regarding the incident. According to reports from journalists, at least some of the leaked records date back to the first quarter of 2025. Stolen records allegedly include:

  • Personal details and demographic data,
  • Emirates ID numbers,
  • Clinical records,
  • Internal financial data,
  • Billing histories.

Such incidents, which result in the loss of sensitive health and financial information, can severely damage ongoing business processes.

Under the UAE's Personal Data Protection Law, organizations must notify authorities about a breach within 72 hours of discovering the incident. Failing to do so can lead to legal fines and financial losses associated with notifying individuals, potential compensation claims, and disruptions to operations.

While another Middle Eastern healthcare organization was hacked, similar news comes from Africa. Multiple reports indicate that criminals continue to attack government and business organizations in Morocco. There are rumors that malicious actors gained access to the National Agency for Land Conservation, Cadastre, and Cartography (ANCFCC). Leaked files contain citizens' personal information and property documents.

Initially, criminals claimed to have stolen 4 million files, including 10,000 property certificates and 20 different types of documents, such as:

  • ID cards,
  • Passports,
  • Bank statements,
  • Civil status records.

However, the investigation found that the ANCFCC had not been compromised. The General Directorate of Information Systems Security (DGSS) stated that the data breach had only affected the tawtik.ma platform, used by the National Council of Notaries, and that criminals had accessed a limited number of documents rather than the full database. In response to the incident, the authorities took down the tawtik.ma platform to identify and resolve the security issues.

This incident is the second major data breach in Morocco this year, following the breach at the National Social Security Fund (CNCC). The criminals stole more than 54,000 documents during the CNCC breach, exposing information about nearly two million people.

While the General Directorate of Information Systems Security was investigating a potential incident involving the ANCFCC, another Moroccan company was attacked by criminals. According to reports, Best Profil, a leading Moroccan HR company, was compromised by the attackers. Preliminary investigations indicate that the attackers stole 26 gigabytes of sensitive data from the company.

The exposed information included internal data and personal records from Best Profil, such as:

  • contracts,
  • financial data,
  • human resources documents.

Researchers estimate that the value of the exposed documents could be around $10 million.

We have recently seen an increase in information security incidents in Africa and the Gulf region, where criminals are targeting healthcare companies and government entities, which process large volumes of sensitive data, including personal and financial information. Businesses and government agencies should address these challenges by implementing robust security measures.


Building a reliable security architecture from scratch can be quite challenging. It requires hiring specialists with the necessary expertise, investing in expensive hardware, and purchasing expensive software licenses. This process demands significant resources, both in terms of financial expenses and employees' labour investments.

To address these challenges, SearchInform has developed the Managed Security Service (MSS). It provides access to top-tier information security experts, a comprehensive package of security software that can be deployed on cloud infrastructure, and a swift support service. MSS relieves your security team's burden and allows you to focus on developing your business without worrying about security issues.
