
Implications and repercussions of the serious cyberattack on the Lazio NHS

Consequences and punitive measures after the ransomware attack that brought the regional healthcare system to its knees

The Privacy Authority has fined LAZIOcrea, the Lazio Region and the ASL Roma 3 a total of 401,000 euros following a ransomware cyberattack on the Lazio healthcare system in 2021, highlighting serious deficiencies in data security.


Following a significant cyberattack that affected the healthcare system of the Lazio Region between 31 July and 1 August 2021, the Privacy Authority imposed sanctions totalling 401,000 euros on three responsible parties: LAZIOcrea, the Lazio Region itself and the ASL Roma 3. These fines, of 271,000, 120,000 and 10,000 euros respectively, were applied following in-depth investigations into the incident, which saw a major interruption of services due to a ransomware attack.

Details of the cyber attack and its effects on the health service

The attack, carried out through the laptop of a regional employee, paralysed the services provided by the health network, preventing medical bookings, payments for services, the collection of clinical documentation and the registration of vaccinations. The outage ranged from a minimum of 48 hours to several months, with a significant impact on the processing of the data of millions of citizens, demonstrating the substantial vulnerability of the IT systems involved.

Violations of privacy legislation and consequences of the attack

The investigations revealed that LAZIOcrea and the Lazio Region, despite their different roles, showed serious deficiencies in data security, mainly due to outdated systems and the absence of preventive measures against similar breaches. The attack caused the inaccessibility of approximately 180 virtual servers, and LAZIOcrea's choice to deactivate all systems to prevent further damage aggravated the situation, highlighting the lack of effective protocols for identifying and containing malware.

Responsibility in managing the data breach

According to the Authority, LAZIOcrea did not adequately manage the consequences of the data breach, especially as regards the communication and protection of health information processed on behalf of the regional structures. The Lazio Region, as data controller, should for its part have guaranteed more careful supervision of LAZIOcrea, ensuring an adequate level of security. For the ASL Roma 3, the fine of 10,000 euros was determined by the failure to notify the incident, unlike other health entities which promptly informed the authority and the interested parties.


04/14/2024 21:09

Editorial AI
