Cyber Incident Victim: Health Care and Social Assistance

On April 11, 2021, at approximately 5:30 AM, the USL Umbria2 healthcare facility in Terni, Italy, detected malfunctions in its corporate IT systems. Initial investigations revealed the presence of viruses affecting the company network, servers, and personal computers supporting digital services. The disruption impacted administrative operations and healthcare delivery, including infrastructure servers, analysis laboratories, and select hospital functions. By the morning of April 11, the health service issued its first public notice confirming a major system malfunction that disabled the online laboratory report platform and other services. Patients were advised to use hospital and district services only for urgent cases defined by their physicians, though vaccination campaigns and COVID-19 swab operations remained unaffected. Technical teams prioritized restoring critical systems while apologizing for service delays.

The incident was confirmed as a ransomware attack following analysis by the Postal Police, who were summoned to the site on April 11. The attack caused significant operational disruptions, though emergency departments and laboratory activities partially resumed by late April 11 after technicians reactivated a critical server. On April 12, USL Umbria2 published an updated notice detailing the ransomware’s impact, acknowledging slowdowns in patient care but assuring continued pandemic-related services. IT and telecommunications personnel worked to fully restore systems, with infrastructure servers and radiology services among the remaining affected components. The organization reiterated apologies for inconveniences while emphasizing that law enforcement and technical recovery efforts were ongoing. No patient data compromise was reported, and the focus remained on restoring normal operations across administrative and clinical functions.