Cyber Incident Victim: ASL TO2
Date:
Aug 2016
Location:
Italy
Summary
Anonymous-associated groups Anonymous Italia and AntiSec-Italia breached four Italian healthcare organizations, including a state clinic in Torino, as part of their #OpSafePharma campaign protesting national ADHD treatment guidelines favoring medication over alternative therapies. The attackers defaced websites and exfiltrated approximately 2.5 GB of sensitive data from two clinics, subsequently leaking internal communications, employee resumes, patient application scans, and inventory records. This incident represented an escalation of their ongoing operations against health institutions, transitioning from prior DDoS attacks to direct data compromise. Cybersecurity analysts assessed the breaches as opportunistic rather than strategically coordinated, though aligned with the groups' broader objective to reduce pharmaceutical influence on medical protocols.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 21, 2016, hacktivist groups Anonymous Italia and AntiSec-Italia, affiliated with the broader Anonymous collective, breached four Italian healthcare organizations, including the ASL TO2 state clinic in Torino, as part of their #OpSafePharma campaign. This operation targeted Italy’s healthcare sector to protest government-endorsed ADHD treatment protocols that prioritized prescription medication over alternative therapies. The attackers defaced public websites and exfiltrated data from two of the four organizations, subsequently leaking approximately 2.5 GB of files via social media platforms. The leaked data included internal communications, inventory documents, employee CVs, and scanned patient applications. Cybersecurity firm SenseCy analyzed the breach and characterized it as opportunistic rather than strategically coordinated, noting the attackers likely exploited existing vulnerabilities rather than executing a meticulously planned intrusion. This incident represented the third phase of #OpSafePharma, following earlier campaign stages in March and June 2016 that involved DDoS attacks against the Ministry of Health, the Higher Institute of Health, and local health authorities, as well as breaches at AIFA (Italian Association of ADHD Families) and the Italian Red Cross.
The hacktivists justified their actions as a critique of pharmaceutical industry influence on medical practices, specifically objecting to policies they claimed encouraged high-dose ADHD medication prescriptions without prior exploration of non-pharmaceutical interventions. While the ASL TO2 clinic’s specific operational disruptions were not detailed in available reports, the broader campaign caused reputational damage to affected organizations and exposed sensitive employee and patient data. Italian law enforcement had previously arrested an Anonymous operative using the alias "Artek" in March 2016 for involvement in earlier #OpSafePharma attacks, but no arrests or containment measures related to the August breaches were publicly documented. The leak’s impact extended beyond immediate service interruptions, potentially compromising patient privacy and organizational integrity through the exposure of internal documents and personal information. SenseCy’s assessment underscored the incident’s alignment with hacktivist tactics of leveraging low-effort breaches for ideological messaging rather than sophisticated, targeted cyberespionage.