
Implications and repercussions of the serious cyberattack on the Lazio NHS

Consequences and punitive measures after the ransomware attack that brought the regional healthcare system to its knees

The Privacy Authority has fined LAZIOcrea, the Lazio Region and the ASL Roma 3 a total of 401,000 euros following a ransomware cyberattack on the Lazio healthcare system in 2021, highlighting serious deficiencies in data security.

Following a significant cyberattack that affected the healthcare system of the Lazio Region between 31 July and 1 August 2021, the Privacy Authority imposed sanctions totalling 401,000 euros on three responsible parties: LAZIOcrea, the Lazio Region itself and the ASL Roma 3. These fines, of 271,000, 120,000 and 10,000 euros respectively, were applied following in-depth investigations into the incident, in which a ransomware attack caused a widespread interruption of services.

Details of the cyber attack and its effects on the health service

The attack, carried out through the laptop of a regional employee, paralysed the services provided by the health network, preventing medical bookings, payments for services, the collection of clinical documentation and the registration of vaccinations. The outage ranged from a minimum of 48 hours to several months, with a significant impact on the data processing of millions of citizens, demonstrating the substantial vulnerability of the IT systems involved.

Violations of privacy legislation and consequences of the attack

The investigations revealed that LAZIOcrea and the Lazio Region, despite their different roles, showed serious deficiencies in data security, mainly due to outdated systems and the absence of preventive measures against similar breaches. The attack made approximately 180 virtual servers inaccessible, and LAZIOcrea's decision to deactivate all systems to prevent further damage aggravated the situation, highlighting the lack of effective protocols for identifying and containing malware.

Responsibility in managing the data breach

According to the Authority, LAZIOcrea did not adequately manage the consequences of the data breach, especially as regards the communication and protection of health information processed on behalf of the regional structures. The Lazio Region, as data controller, should in turn have supervised LAZIOcrea more carefully and ensured an adequate level of security. For the ASL Roma 3, the fine of 10,000 euros was imposed for failing to notify the incident, unlike other health entities, which promptly informed the Authority and the interested parties.

04/14/2024 21:09

Editorial AI
