Cyber Incident Victim: Azienda Sanitaria Provinciale di Basilicata
Date:
Jan 2024
Location:
Italy
Summary
A cyberattack targeted the regional healthcare system in Basilicata, prompting the establishment of a crisis unit to manage the incident. While systems at the local health authority (ASP) and the IRCCS CROB research hospital were restored without damage, disruptions persisted at the Madonna delle Grazie hospital in Matera, though emergency and urgent care services remained operational. National cybersecurity experts assisted recovery efforts, and regional officials emphasized patient assistance and inter-facility collaboration during the response. The ASP director general acknowledged the impact and assured ongoing resolution efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 28, 2024, a cyberattack disrupted the regional healthcare system of Basilicata, Italy, targeting IT infrastructure managed by ASP Basilicata (Azienda Sanitaria Locale). The attack prompted immediate activation of the regional crisis unit, convened by Governor Vito Bardi alongside health commissioner Francesco Fanelli, health department director general Massimo Mancini, and directors of major healthcare facilities including A.O.R. San Carlo (Potenza), ASP Potenza, IRCCS CROB, and ASP Matera. National cybersecurity agency operatives deployed to the region to assist recovery efforts. Initial assessments indicated no permanent damage to ASP and CROB systems, which returned to normal operations. However, the Madonna delle Grazie hospital in Matera experienced persistent IT disruptions, though emergency and urgent care services remained operational through manual protocols.
Authorities prioritized patient safety, with Governor Bardi instructing healthcare directors to maximize assistance to vulnerable individuals and ensure inter-facility collaboration. ASP Basilicata Director General Antonello Maraldo publicly apologized for service interruptions while confirming efforts to fully restore systems. The crisis unit maintained continuous monitoring of the situation, coordinating with technical teams to mitigate residual impacts at Matera’s facility. No data compromise or specific attacker attribution was disclosed. Healthcare delivery continued under contingency measures, with elective services adapting to manual workflows where necessary. The incident highlighted operational resilience but exposed vulnerabilities in critical infrastructure dependencies during cyber disruptions affecting regional health services.