Cyber Incident Victim: Synlab Italia
Date:
Apr 2024
Location:
Italy
Summary
Synlab Italia experienced a cyberattack disrupting its IT and telephone systems, prompting an immediate shutdown of all national systems to contain the threat. The company established a task force with internal and external experts to restore operations, collaborating with authorities and filing reports with postal police and data protection regulators. Biological samples were secured, and select services—including specialist outpatient visits and physiotherapy—resumed regionally with limitations, while nationwide laboratory activities, sample collection, and report retrieval remained suspended. Emergency contact channels were activated for patient inquiries, and the organization prioritized analyzing its infrastructure and backups to ensure secure recovery, though a full operational timeline remains unclear. Patient data confidentiality measures were emphasized during the restoration process.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 18, 2024, Synlab Italia, a leading provider of diagnostic laboratory services in Italy, suffered a cybercriminal attack targeting its IT and telephone systems during the early morning hours. The company immediately activated a task force composed of internal and external professionals to mitigate impacts and restore operations, collaborating with relevant authorities. Following established cybersecurity protocols, Synlab disabled all Italian IT systems upon detecting the attack to contain potential damage. This shutdown caused nationwide suspension of blood sample collection, laboratory testing, and report retrieval services, significantly disrupting patient care. Biological samples already collected were secured according to regulatory standards, while the company prioritized partial reactivation of outpatient specialist visits and physiotherapy services across select regions within 24 hours.
Regional recovery efforts varied significantly, with Lombardy facilities in Monza and Agrate resuming limited operations for pre-booked appointments by April 20, though excluding specific instrumental tests like holter monitoring and spirometry. Veneto and Trieste locations restored physiotherapy and select specialist consultations, while Liguria gradually reactivated services including gynecology and cardiology across La Spezia and Genova centers by April 23. Emilia Romagna and Lazio facilities offered specialist visits and ultrasounds but suspended all laboratory diagnostics, MRI, and radiology services. Synlab established emergency phone lines for each region—such as +39 379 2203783 for Liguria and +39 3489251363 for Lazio’s Eur-Torrino center—to handle appointment inquiries. The company filed reports with the Postal Police and initiated preliminary notifications to Italy’s Data Protection Authority, though forensic analysis of infrastructure and backups remained ongoing with no confirmed timeline for full restoration. Patient communications emphasized unresolved risks to personal data integrity and apologized for delays in prenatal neoBona test results, while confirming external email systems operated by UK-based SYNLAB Health For You remained uncompromised. Service updates continued through Synlab’s website and social media channels as the task force worked to systematically validate system security before reactivation.