Cyber Incident Victim: Istituto Superiore di Sanità

On March 30, 2016, Italian law enforcement arrested an individual using the pseudonym "Artek" in connection with cyberattacks against Italian healthcare entities. This arrest followed initial operations under #OpSafePharma, a campaign launched earlier that month by Anonymous-affiliated groups Anonymous Italia and AntiSec-Italia. The hacktivists executed distributed denial-of-service (DDoS) attacks against multiple targets including the Ministry of Health, the Higher Institute of Health (Istituto Superiore di Sanità), and several local health authorities. Subsequent breaches compromised databases at the Italian Association of ADHD Families (AIFA) and an Italian Red Cross branch. These actions formed the first phase of a protest against Italy's ADHD treatment protocols, which the groups claimed excessively favored pharmaceutical interventions over alternative therapies for mild cases.

The campaign escalated on June 1, 2016, with #OpSafePharma 2.0, during which attackers exfiltrated and published data from the National Institute of Health. This preceded a third wave on August 21, 2016, when the groups breached four unspecified Italian healthcare organizations, defacing public websites and extracting approximately 2.5 GB of data from two clinics. Leaked materials included internal communications, inventory records, employee resumes, and scanned patient applications, which Anonymous Italia promoted via social media channels. Cybersecurity firm SenseCy analyzed the dumped data, characterizing the August attacks as opportunistic rather than strategically coordinated. The hacktivists maintained their operations aimed to expose perceived collusion between health authorities and pharmaceutical companies regarding ADHD medication prescriptions.