Cyber Incident Victim: Azienda Ospedaliera Santa Maria clinic
Date:
Aug 2016
Location:
Italy
Summary
Hacktivist groups Anonymous Italia and AntiSec-Italia breached four Italian healthcare organizations, including Azienda Ospedaliera Santa Maria clinic, as part of their #OpSafePharma campaign protesting national ADHD treatment policies favoring medication over alternative therapies. The attackers defaced public websites, leaked internal communications, employee CVs, patient application scans, and inventory documents, with cybersecurity analysts assessing the 2.5 GB data dump as opportunistic rather than strategically coordinated. This followed earlier campaign phases involving DDoS attacks against health authorities and data breaches targeting medical institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
The incident involving Italian healthcare organizations, including Azienda Ospedaliera Santa Maria clinic, began as part of a hacktivist campaign named #OpSafePharma launched in March 2016 by Anonymous Italia and AntiSec-Italia. These groups targeted Italy's healthcare sector to protest government recommendations for prescribing heavy doses of ADHD medication as a first-line treatment, advocating instead for mandatory alternative therapies before medication. The campaign's initial phase involved distributed denial-of-service (DDoS) attacks against the Ministry of Health, the Higher Institute of Health, and multiple local health authorities. This was followed by database breaches at AIFA (Italian Association of ADHD Families) and an Italian Red Cross branch, orchestrated by an Anonymous member using the alias Artek, who was arrested by Italian police on March 30, 2016. The operation escalated on June 1, 2016, with #OpSafePharma 2.0, during which Anonymous leaked data from the National Institute of Health.
In August 2016, the campaign entered its third phase, breaching four healthcare organizations—including Azienda Ospedaliera Santa Maria clinic—through server intrusions and website defacements. On August 21, Anonymous Italia leaked approximately 2.5 GB of data from two of the four targeted clinics, which cybersecurity firm SenseCy analyzed as containing internal communications, inventory records, employee CVs, and scanned patient applications. The attackers promoted the data dump on social media, framing it as a protest against pharmaceutical industry influence on medical practices. SenseCy assessed the breaches as opportunistic rather than part of a tightly coordinated campaign, noting the use of standardized hacktivist tactics. No specific containment measures by the affected clinics were detailed in available reports, though law enforcement had previously intervened by arresting Artek during the initial phase. The leaks exposed sensitive operational and patient data, though the full scope of organizational impacts remains undocumented in public sources.