Implications and repercussions of the serious cyberattack on the Lazio NHS
Consequences and punitive measures after the ransomware attack that brought the regional healthcare system to its knees
The Privacy Authority has fined LAZIOcrea, the Lazio Region and the ASL Roma 3 a total of 401,000 euros following a ransomware cyberattack on the Lazio healthcare system in 2021, highlighting serious deficiencies in data security.
Following the significant cyberattack that affected the healthcare system of the Lazio Region between 31 July and 1 August 2021, the Privacy Authority imposed sanctions totalling 401,000 euros on three responsible parties: LAZIOcrea, the Lazio Region itself and the ASL Roma 3. These fines, of 271,000, 120,000 and 10,000 euros respectively, were applied following in-depth investigations into the incident, which caused a large-scale interruption of services due to a ransomware attack.
Details of the cyber attack and its effects on the health service
The attack, carried out through a regional employee's laptop, paralysed the services provided by the health network, preventing medical bookings, payments for services, the collection of clinical documentation and the registration of vaccinations. The outage ranged from a minimum of 48 hours to several months, significantly affecting the processing of millions of citizens' data and demonstrating the substantial vulnerability of the IT systems involved.
Violations of privacy legislation and consequences of the attack
The investigations revealed that LAZIOcrea and the Lazio Region, despite their different roles, showed serious deficiencies in data security, mainly due to outdated systems and the absence of preventive measures against breaches of this kind. The attack rendered approximately 180 virtual servers inaccessible, and LAZIOcrea's decision to shut down all systems to prevent further damage aggravated the situation, highlighting the lack of effective protocols for identifying and containing malware.
Responsibility in managing the data breach
According to the Authority, LAZIOcrea did not adequately manage the consequences of the data breach, especially as regards the communication and protection of health information processed on behalf of the regional structures. The Lazio Region, for its part, as data controller, should have guaranteed more careful supervision of LAZIOcrea, ensuring an adequate level of security. For the ASL Roma 3, the 10,000 euro fine was due to its failure to notify the incident, unlike other health entities which promptly informed the Authority and the data subjects.
04/14/2024 21:09
Marco Verro