Cyber Incident Victim: Azienda USL di Modena
Date:
Nov 2023
Location:
Italy
Summary
A ransomware attack severely disrupted healthcare services for a regional provider in Modena, forcing widespread operational limitations. Critical impacts included suspended appointment booking systems, blocked access to lab results, and paused outpatient blood collection services, with diagnostic imaging and mammography screenings delayed. Emergency care, chemotherapy, and select vaccinations continued under contingency protocols, while temporary phone lines were established for public inquiries and mental health support. IT teams collaborated with national cybersecurity authorities to gradually restore systems under strict safety protocols, prioritizing secure reactivation of services. Patients were advised to bring physical documentation for appointments as digital health records remained inaccessible during recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 29, 2023, Azienda USL di Modena (AUSL Modena) experienced a disruptive cyberattack affecting IT systems across three Modenese healthcare organizations, including AUSL Modena, Azienda Ospedaliero Universitaria di Modena, and Ospedale di Sassuolo Spa. The attack forced the immediate suspension of critical digital services, including the appointment booking system for medical visits and exams, rendering patients unable to schedule, modify, or cancel appointments through pharmacies, call centers, the ERsalute app, or in-person counters. Laboratory test results became unavailable for download from the AUSL website or retrieval from pharmacies and USL offices. The attack also halted operations at blood collection points, except for hospitalized patients' emergencies, and disrupted first-level mammography screenings under the breast cancer screening program, though second-level diagnostic follow-ups and clinical senology services at the Policlinico hospital resumed.
AUSL Modena implemented contingency measures to prioritize critical care while technicians worked to restore systems under strict protocols from Italy’s Computer Security Incident Response Team (CSIRT) and the National Cybersecurity Agency (ACN). By December 4, partial service restorations included reactivated phone lines for home nursing care (SADI), resumption of anticoagulant therapy (TAO) blood draws for home care patients, and near-complete pediatric vaccinations at community clinics—though parents had to provide paper appointment slips, health cards, and physical vaccine records. Chemotherapy for urgent oncology cases continued at the Policlinico and other Ausl-managed hospitals, while radiotherapy services faced delays due to limited operational equipment. The public hygiene service maintained seasonal influenza, COVID-19, and tetanus vaccinations but could not access digital vaccine certificates. Temporary phone numbers were established for public relations offices, mental health departments, and community health centers to mitigate communication breakdowns. AUSL suspended penalties for missed appointment cancellations until further notice and advised citizens to rely on primary care physicians for non-urgent needs to reduce pressure on emergency services. Recovery efforts focused on gradual, secure reactivation of systems, with plans to reschedule all postponed appointments once technical conditions permitted.