Gruppo MultiMedica

Multimedica, also known as Gruppo MultiMedica, is an Italian healthcare provider operating hospital facilities, including locations in Milan and Sesto San Giovanni. The organization delivers a broad spectrum of medical services to its local communities, encompassing emergency room care, outpatient consultations, and the management of patient medical records and appointment scheduling systems. Its clinical offerings extend to essential, specialized treatments such as obstetrics, dialysis, and chemotherapy, which are critical for ongoing patient care. The provider's operational footprint is centered on these key facilities, forming a significant part of the regional healthcare infrastructure by ensuring access to both urgent and scheduled medical interventions. Daily functions rely heavily on integrated information technology systems to coordinate patient flow, maintain clinical documentation, and support therapeutic programs across its service lines. This integration underscores its role as a vital node in the local health network, where system continuity directly impacts public health outcomes and patient access.

In April 2023, the organization suffered two successive ransomware attacks that caused severe operational disruption. The initial incident on April 21 forced the suspension of all outpatient services, emergency room activities, and the collection of medical reports, though critical services including obstetrics, dialysis, and chemotherapy continued to function. A subsequent attack on April 25 further exacerbated the crisis, knocking all hospital systems and the public website offline, which excluded the Milan and Sesto San Giovanni emergency rooms from the 118 national ambulance dispatch circuit. This dual assault prevented staff from accessing patient records and halted new appointment bookings, creating significant barriers to patient care and safety. Multimedica engaged a task force to restore clinical operations and collaborated with law enforcement to investigate the breaches, though no definitive timeline for a full recovery was established. The attacks highlighted the acute vulnerability of healthcare IT infrastructure to cyber threats and the cascading effects such incidents have on essential service delivery.