In the night between Saturday and Sunday, an attack hit the IT systems of the Lazio Region, and in particular the Data Processing Center (CED), the system that manages the entire regional IT structure. As soon as they became aware of the problem, the Region's technicians deactivated the system to keep the attack from spreading and to prevent data theft, effectively blocking all regional IT services. The most important of these, at this moment, is the management of the vaccination campaign.
What are the problems with the vaccination campaign?
Since Sunday, the Lazio Region website and all the websites linked to regional IT services are unreachable. This primarily concerns the vaccination campaign: the regional platform for booking vaccination appointments is blocked, and it is not possible to make new appointments to get vaccinated.
All other vaccination campaign management systems are also blocked. Vaccinations carried out, which are usually recorded on the regional system, have since Sunday been recorded on the national registry, a longer and more cumbersome process. Alessio D'Amato, the regional councilor for health, said at a press conference on Monday that the delays will be no more than 24 hours. There may also be delays in communicating the results of swabs, and consequently in the issuance of Green Passes.
What other services are inaccessible?
All other health services managed by the Region. Among other things, since Sunday it has been impossible to book specialist visits, and scheduled screenings, such as mammograms, have been interrupted.
Furthermore, all non-health IT services that fall under the Lazio Region are also blocked. Citizens and companies in Lazio cannot pay car tax or obtain, for example, various health and building authorizations, such as those related to civil engineering.
Who did it, and why?
There are no answers to the “who” for now: investigations are underway, conducted by, among others, the postal police and the National Cybercrime Center for the Protection of Critical Infrastructures.
On the “why”, the most plausible explanation is that the attack was carried out with “ransomware”, i.e. malicious software that blocks the victim's data and systems with the aim of obtaining a ransom to unlock them. According to the first reconstructions released by Italian newspapers, the hackers obtained access through an employee and from there were able to enter the regional system, deploying the ransomware that encrypted the CED's data.
It is still unclear whether the Region has received an explicit ransom demand, which is usually left on compromised systems and requires payment of a sum of money in bitcoin. Nicola Zingaretti, the president of the Lazio Region, said that no “official” request had arrived, but that “an invitation to contact an alleged attacker appears on the web page of the virus”, which was not done. However, Zingaretti said that no ransom will be paid.
Has any data been stolen?
President Zingaretti said at a press conference on Monday that “no health data has been stolen and the financial and balance sheet data have not been touched”. According to the authorities, therefore, the hackers did not extract information from the system, which contains the health data of 5.8 million people. For many experts, however, it is too early to tell: after attacks like the one that hit the Region, it usually takes a long time before the damage can be accurately quantified.
There is talk of an “attack on Italy” or a “terrorist attack”: what does that mean?
Not much for now. Cyber attacks carried out purely for destruction, so to speak, are extremely rare, and it is more likely that the one against the Lazio Region is a criminal act. Similar ransomware attacks have occurred all over the world and have hit large health institutions and organizations; they are now quite common and growing. Furthermore, as Stefano Zanero, associate professor of Computer Security at the Politecnico di Milano, wrote on Twitter, if the attack had had destructive intentions, the attackers would have destroyed all the data, rather than just encrypting and blocking it.
Even the report, carried by some newspapers, that the attack came from abroad is of little value for now: it is quite easy for cybercriminals to hide or disguise their origin, and more accurate analyses will be needed.
How long will it take to put things right?
Since information on the attack is sparse for now, it is pretty hard to tell. Zingaretti announced on Monday that health services data will be migrated to a cloud system to create a kind of parallel, alternative computer system to the blocked one, but for now there is no precise information on either when the migration will be completed or which functions will be restored.
Zingaretti said that the appointments already booked up to Saturday allow the vaccination campaign to continue at a good pace until August 13th. After that, if the systems are not restored, there is a risk of serious delays.