Cyber Incident Victim: Azienda Sanitaria Locale Napoli 3 Sud
Date:
Jan 2022
Location:
Italy
Summary
A cyberattack targeted a major Italian healthcare provider, disrupting critical services including COVID-19 vaccination bookings, test result processing, and medical procedures. The incident caused prolonged website outages and prevented Green Pass updates, forcing quarantined families to remain confined without official recovery validation. While authorities confirmed a system breach without technical specifics, cybersecurity experts suspected ransomware involvement despite no group claiming responsibility. The attack impacted operations across eight hospitals and 13 regional districts, highlighting systemic vulnerabilities from outdated infrastructure and minimal security investments across Italy's fragmented healthcare system. This marked the tenth such incident against national health organizations within five months, exposing persistent cybersecurity deficiencies despite increased pandemic-era digital dependency.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The ASL Napoli 3 Sud cyber incident was publicly disclosed by the healthcare facility’s Direzione Sanitaria on January 8, 2022, marking the tenth attack against an Italian healthcare entity within a five-month period. The attack disrupted critical healthcare services across the organization’s operational footprint, which included eight hospitals, 13 regional districts, and six operational call centers. Technical details regarding the attack vector, compromised systems, or data exfiltration were not disclosed by the facility. However, the ASL’s institutional website experienced persistent availability issues beginning January 8, cycling between intermittent uptime and prolonged server unresponsiveness throughout the day.
Service disruptions directly impacted public health operations during the COVID-19 pandemic. Vaccination appointments, test result processing, and Green Pass validation systems became inoperable, preventing thousands of infected citizens from obtaining timely recovery documentation. Medical and surgical activities were suspended indefinitely. No ransomware group claimed responsibility for the attack at the time of reporting, and officials did not confirm whether ransomware was deployed. The ASL communicated service interruptions through its website and Facebook page but provided no remediation timeline or technical recovery details. Cybersecurity analysts highlighted systemic vulnerabilities, including outdated infrastructure and insufficient cybersecurity investments within Italy’s healthcare sector, where only 4% of ICT modernization budgets were allocated to security. The incident underscored operational fragmentation across Italy’s 20 regionally autonomous health services, complicating nationwide cybersecurity coordination.