Cyber Incident Victim: University of Naples Federico II clinic
Date:
Aug 2016
Location:
Italy
Summary
Hacktivists from Anonymous Italia and AntiSec-Italia breached the University of Naples Federico II clinic and three other Italian healthcare entities, defacing websites and leaking sensitive data including internal communications, employee records, and patient documents. The attack was part of the #OpSafePharma campaign protesting national ADHD treatment guidelines that prioritize medication over alternative therapies. Following earlier disruptions targeting health authorities, this phase involved opportunistic server breaches, resulting in approximately 2.5 GB of data exposure from two clinics, as analyzed by cybersecurity researchers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 4 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On August 21, 2016, hacktivist groups Anonymous Italia and AntiSec-Italia, operating under the Anonymous collective, breached four Italian healthcare organizations as part of their #OpSafePharma campaign. This operation specifically targeted entities associated with Italy's ADHD treatment policies, which the groups criticized for prioritizing pharmaceutical interventions over alternative therapies. The attackers defaced public websites and exfiltrated approximately 2.5 GB of data from two clinics, later leaking internal communications, inventory records, employee CVs, and scanned patient applications. Cybersecurity firm SenseCy confirmed the authenticity of the leaked data, characterizing the breaches as opportunistic rather than meticulously coordinated. The University of Naples Federico II clinic was among the affected organizations, though specific technical details of its compromise were not disclosed. This incident represented the third phase of #OpSafePharma, following earlier campaign stages in March and June 2016.
The broader #OpSafePharma initiative began in March 2016 with distributed denial-of-service (DDoS) attacks against Italy's Ministry of Health, Higher Institute of Health, and regional health authorities. Hackers subsequently breached databases at the Italian Association of ADHD Families (AIFA) and an Italian Red Cross branch. Italian law enforcement arrested an individual using the alias "Artek" in connection with these initial attacks on March 30. The campaign resumed on June 1 as #OpSafePharma 2.0, with Anonymous leaking data from the National Institute of Health. The August attacks continued this pattern of escalating intrusions, though SenseCy's analysis suggested diminished operational sophistication compared to earlier phases. While the hacktivists publicly promoted their actions through social media channels, no specific remediation efforts by the victim organizations were documented in available reports. The incident exposed sensitive patient information and disrupted healthcare services, though the full operational impact remained unquantified in public disclosures.