Date: Feb 2023

Location: Italy

Summary

A ransomware attack compromised the Azienda Ospedaliero-Universitaria di Parma's systems, reportedly originating from Russian threat actors who breached Microsoft Exchange email servers before laterally moving to infiltrate the Picture Archiving and Communication System (PACS). The breach exposed sensitive patient data, including clinical imaging and diagnostic reports, raising significant privacy concerns and prompting notification to data protection authorities. While critical healthcare operations were disrupted due to the system compromise, no ransomware group claimed responsibility. The incident underscores vulnerabilities in healthcare infrastructure, with attackers exploiting insufficient protections to access high-value medical data repositories. Investigations focused on mitigating further risks and identifying perpetrators following the intrusion.


Description

On February 12, 2023, Azienda Ospedaliero-Universitaria di Parma, a major hospital and academic medical center in Italy's Emilia-Romagna region, suffered a cybersecurity breach reportedly originating from Russian threat actors. The intrusion began with unauthorized access to the organization’s Microsoft Exchange email servers, which served as the initial entry point. Attackers then executed lateral movement across the hospital's network infrastructure, ultimately compromising the Picture Archiving and Communication System (PACS). This specialized medical imaging system stores, manages, and transmits sensitive clinical data including diagnostic images and patient reports integral to medical workflows. The breach directly impacted the hospital's primary data center, affecting critical infrastructure supporting both Ospedale Maggiore (the main hospital) and the University of Parma’s Faculty of Medicine and Surgery. Although no specific threat group claimed responsibility, the incident prompted immediate reporting to Italy’s Data Protection Authority (Garante della Privacy) due to credible concerns about potential theft of highly sensitive patient data.

The compromised systems placed at risk vast volumes of protected health information, personally identifiable data, and clinical records corresponding to the hospital’s extensive patient base across Parma, Piacenza, and Reggio Emilia provinces. With 1,359 beds and over 51,500 annual admissions prior to the incident, the breach threatened data security for a substantial population relying on the facility’s specialized trauma and neurosurgical services. Operational consequences included temporary disruption to medical imaging workflows tied to the PACS environment, though full clinical impact details remained unconfirmed. Authorities launched investigations to attribute the attack and identify security failures while the hospital worked to contain the breach’s spread. Cybersecurity analysts highlighted the incident as part of a growing pattern of attacks targeting Italian healthcare infrastructure, underscoring systemic vulnerabilities in legacy medical IT systems handling sensitive data. No ransomware deployment or explicit financial motives were disclosed, but the potential for data exfiltration and subsequent misuse remained a primary concern driving ongoing forensic analysis. As of March 1, 2023, no substantive updates regarding data recovery, confirmed data loss, or attacker identification had been publicly released by the hospital or investigating bodies.
