Cyber Incident Victim: Asl Città di Torino

Date: Aug 2022

Location: Italy

Summary

A ransomware attack targeted a public healthcare provider in Turin, causing significant operational disruptions by disabling IT infrastructure and forcing systems offline. The incident prompted manual workarounds, leading to service delays and patient inconveniences, including the inability to complete mandatory medical exams for driver's licenses. A ransom note demanding a substantial payment appeared, consistent with typical ransomware tactics. A dedicated task force involving internal technicians and external cybersecurity experts was activated to secure data, assess damage, and restore systems while law enforcement investigated the breach.

Description

The ASL Città di Torino experienced a significant cyber incident beginning on or around August 18, 2022, with operational disruptions becoming publicly acknowledged by August 23. The attack targeted the healthcare provider’s IT infrastructure, forcing a widespread shutdown of computer systems across affected hospitals and administrative facilities. Initial evidence pointed to a ransomware attack, as confirmed by Francesco Pensalfini, the ASL’s IT manager, who cited the appearance of a ransom note demanding a multi-million-euro payment as a key indicator. The attack immediately disrupted medical and administrative workflows, with staff unable to access digital systems, leading to the adoption of manual procedures for critical operations. Patients faced severe inconveniences, including the inability to complete mandatory medical examinations for driver’s licenses—a service directly impacted by the IT outage. The ASL’s public communication on August 23 confirmed the attack’s timeline and warned of ongoing service delays due to reliance on paper-based workarounds.

In response, the ASL activated an emergency task force comprising internal technicians and external experts from Italy’s CSIRT (Computer Security Incident Response Team), following national cybersecurity guidelines for such incidents. All corporate IT systems were proactively disconnected to contain the threat, facilitate forensic analysis, and initiate data recovery efforts. The Postal Police also launched a parallel criminal investigation into the attack’s origins and perpetrators. While the ASL prioritized securing sensitive data and restoring applications, no timeline for full recovery was provided in initial statements. The incident remained under active investigation, with lingering operational disruptions affecting a defined subset of healthcare services. Ongoing monitoring and system validation continued as the organization worked to resume normal operations amid unresolved cybersecurity concerns.
