Cyber Incident Victim: ASL5 La Spezia
Date:
Feb 2023
Location:
Italy
Summary
A cybersecurity incident disrupted healthcare services at an Italian medical provider in La Spezia, leading to the cancellation of multiple scheduled radiotherapy sessions. The organization initiated an internal IT investigation to assess system integrity, with specific focus on verifying the safety and functionality of radiotherapy control software. Patients affected by service interruptions were notified about rescheduling procedures while infrastructure reviews were prioritized to ensure treatment security.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 20, 2023, the ASL5 healthcare agency in La Spezia, Italy, experienced a significant cyberattack that disrupted critical medical services. The attack forced the cancellation of all radiotherapy treatment sessions scheduled between February 20 and February 25 across the agency’s facilities, directly impacting patient care delivery. Agency management immediately notified affected patients about the cancellations and committed to rescheduling all appointments, though the exact number of disrupted treatments wasn't specified. Technical teams prioritized securing radiation therapy equipment control systems amidst the ongoing incident, though the full scope of compromised infrastructure remained unclear. The healthcare provider serves approximately 215,406 residents across 665 square kilometers through three administrative districts: District 17 (coastal/rural, 39,934 residents), District 18 (coastal, 106,002 residents), and District 19 (inland, 69,470 residents), with healthcare operations spanning urban and rural areas.
In response to the attack, ASL5 initiated a comprehensive internal investigation coordinated by its Corporate IT Service (Servizio Informatico Aziendale). The investigation specifically targeted the technology infrastructure supporting radiotherapy treatments to verify equipment safety protocols and software integrity, essential for maintaining patient treatment accuracy. No ransomware actions, data theft indicators, or specific threat actor attribution were disclosed publicly during the immediate response phase. The healthcare provider maintained service continuity for non-radiotherapy departments while recovery efforts focused on radiation therapy systems. External cybersecurity monitoring groups like Red Hot Cyber committed to tracking developments but reported no substantial updates regarding attack origins or forensic findings beyond the initial disruption window. Healthcare operations gradually resumed following system validations, though the investigation remained ongoing without public disclosure of root causes or full infrastructure restoration timelines.