Cyber Incident Victim: Azienda Sanitaria Locale 'Città di Torino'
Date:
Aug 2022
Location:
Italy
Summary
A cyberattack targeted Azienda Sanitaria Locale 'Città di Torino', resulting in partial data exfiltration from its systems, compromising confidentiality and accessibility. The attack was promptly contained with emergency security measures supported by specialized firms, the Postal Police, and the National Cybersecurity Agency. Operational disruptions necessitated manual procedures, causing potential delays in service delivery, though critical functions including emergency care, outpatient visits, surgeries, laboratory and radiology requests, medical supply distribution, and payment systems remained operational. Radiology report retrieval was limited to in-person collection at designated offices. Ongoing investigations and verification activities continued following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 19, 2022, Azienda Sanitaria Locale 'Città di Torino' suffered a criminal cyberattack that disrupted its digital infrastructure, forcing the organization to implement manual operational procedures. The incident immediately impacted service delivery, with the healthcare provider warning citizens of potential delays and inconveniences across multiple departments. Emergency response systems were prioritized, with all Pronto Soccorso (Emergency Department) informatized systems restored to functionality following the attack. Scheduled medical services including outpatient visits, hospital consultations, territorial healthcare appointments, surgical interventions, and inpatient admissions continued without cancellation. Diagnostic services maintained partial functionality through centralized request systems for laboratory tests and radiology exams ordered by hospital departments, though radiology report retrieval was limited to physical collection at Radiology Secretariats.
The attack resulted in partial data exfiltration from certain ASL systems, potentially compromising confidentiality and accessibility of sensitive information according to analysis conducted by the National Cybersecurity Agency's working group. Containment measures were implemented on August 19 itself, with the organization blocking the attack and initiating extraordinary security protocols through collaboration with cybersecurity specialists, the Postal Police, and national authorities. Emergency procedures addressed critical medical supply chains, ensuring continued provision of specialized nutritional products, laryngectomy materials, monthly catheter/stoma renewals, and direct supplies for recently discharged hospital patients. All corporate "Punti Rossi" payment points remained operational for ticket collection. Verification activities and system security enhancements continued through at least September 8, 2022, with the organization maintaining public communication channels including a dedicated certified email address ([email protected]) for cybersecurity matters. Service restoration efforts focused on maintaining essential healthcare operations while investigating the full scope of data compromise.