Cyber Incident Victim: Azienda Ospedaliera Universitaria Integrata Verona
Date:
Oct 2023
Location:
Italy
Summary
Azienda Ospedaliera Universitaria Integrata Verona suffered a cyberattack disrupting internal telephone lines, internet-dependent data networks, and online services, including reservation systems, payment terminals, and blood donation bookings. Emergency procedures isolated servers, preventing operational impacts on medical departments and emergencies, with initial assessments indicating no compromise of sensitive patient data due to pre-attack backups. Technicians are actively restoring systems, while citizens are advised to avoid collection centers without reservations and limit emergency room access to critical cases. The incident caused widespread service interruptions across the province, though no threat actor has claimed responsibility.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 23, 2023, Azienda Ospedaliera Universitaria Integrata Verona (AOUI Verona) experienced a disruptive cyberattack that began during nighttime hours, with initial alerts triggered in the early morning. The hospital activated emergency protocols immediately upon detection, isolating servers and securing critical systems to prevent operational collapse. These containment measures successfully preserved core departmental functions and emergency services, avoiding immediate clinical disruptions. Preliminary analysis indicated no compromise of sensitive patient data, with confirmation that routine backup procedures had completed normally prior to the intrusion. However, the attack severely degraded infrastructure components dependent on internet connectivity, including internal telephone systems and substantial portions of the data network. This caused cascading service interruptions across Verona province, particularly affecting online appointment booking systems (CUP), automated payment terminals, and reservation kiosks, all of which became inoperable.
The attack’s technical impact created widespread logistical challenges, with hospitals Borgo Trento and Borgo Roma reporting significant operational difficulties. Compromised phone lines prevented blood donation scheduling and hindered internal communications, while citizens faced service restrictions including suspended walk-in access to Collection Centers without prior appointments. Regional President Luca Zaia issued a public alert at 08:29 confirming CUP service suspension and ongoing forensic investigations, though no threat actor had claimed responsibility at the time of reporting. AOUI Verona technicians worked continuously from the incident’s onset to restore systems, prioritizing network segmentation and service recovery despite persistent internet-dependent outages. While emergency departments maintained functionality through contingency protocols, the prolonged unavailability of digital services raised concerns about potential long-term recovery requirements. Public advisories emphasized strict Emergency Room access limitations to genuine emergencies and urged patient cooperation to reduce strain on manual processes implemented during the outage.