
Hacker, what happens to the Verona Hospital?

Following the cyber attack it suffered last October, the Integrated University Hospital (Aoui) of Verona is contacting the victims of the data theft. All the details.

As many as 658 thousand patient files have been published on the dark web, and the Integrated University Hospital (Aoui) of Verona is now notifying the people whose data was stolen.

As Aoui communicated at the beginning of the week, "the Company immediately worked, in coordination with the relevant authorities, to update users on the evolution of the situation, on the actions implemented to counter the data breach and to implement technical measures in order to increase data security".

Aoui did not give in to the attackers' blackmail, and in response the attackers published the stolen data on the dark web.

The Integrated University Hospital of Verona has now started sending text messages to some of the patients involved in the data breach. Where a breach presents a risk to the rights and freedoms of individuals, privacy legislation requires the data controller to communicate the breach to the data subjects without undue delay, as the Privacy Guarantor (the Italian data protection authority) recalled in the case of ASL 1 in Abruzzo, after hundreds of gigabytes of health data belonging to citizens of the entire province of L'Aquila were published following a hacker attack.

All the details.

THE HACKER ATTACK AGAINST THE VERONA HOSPITAL

The hacker attack on Aoui involved the breach, copying and publication on the dark web of data relating to a limited pool of users and collaborators (employees and otherwise) of the Verona hospital, of both a healthcare and an administrative nature, the company says.

Furthermore, the Verona hospital continues, "it immediately worked to restore the IT systems, which was completed on 24 October 2023, so the availability of the data was essentially always guaranteed thanks to the backups carried out by the Company, and no loss of personal data occurred."

What was published is partial and incomplete information, which the Aoui task force, made up of healthcare, IT, administrative and legal experts, has reconstructed through analysis carried out over the last two months together with the corporate teams in charge, the press release from the Verona university hospital adds.

ACTIONS TAKEN

After reporting the hacker attack to the Postal Police and to the Guarantor for the protection of personal data, the hospital states that it "activated the task force to analyze the type of data breached in order to adequately inform the data subjects involved, depending on the level of risk."

THE SCOPE OF THE DATA BREACH

According to the analysis conducted, just over 2% of Aoui's corporate data archive was exfiltrated, without medical records or electronic patient records being involved.

NO RANSOM PAID

As Aoui explains, the company "did not take the ransom demand into consideration, as has also happened in similar cases affecting the IT systems of other healthcare companies and other entities (public administration and otherwise) in Italy, and this resulted in the criminals carrying out their threat to publish the exfiltrated data on the dark web."

THE DATA EXFILTRATED IN THE CYBER ATTACK ON THE VERONA HOSPITAL

As regards the patient data now at the mercy of the dark web, the company specifies that "in any case, this is partial and incomplete information, often grouped in databases referring to a large number of people, most often identified in an incomplete manner or in any case difficult to reconstruct in the absence of further contextual elements, which Aoui has reconstructed thanks to incessant and extensive analytical work".

Specifically, the categories of personal data breached are the following: personal details; contact details; payment details; data relating to criminal convictions and offences (criminal records); data relating to identification and recognition documents; health data and genetic data.

"In any case, the exfiltrated contents are mostly fragmented, unstructured and not indexed and, therefore, searching them would still be rather complex," the Aoui note further points out.

In the months following the cyber attack, Aoui took steps to inform users according to a Strategic Communication Plan aimed at the data subjects, "both internally with newsletters addressed to employees and externally with letters, FAQs, paid space in newspapers, social channels and the company portal", the hospital's management at Borgo Trento explained to L'Arena.

The text messages were also sent from here to users whose "health data [so-called red data], characterized by a high degree of sensitivity, were copied by the hacker group", Aoui specifies on its site. Aoui has also made psychological support available to those "red" patients who feel the need for it.

THE GUARANTOR'S WARNING

Finally, the Verona hospital company recalls that, "as also specified by the Guarantor for the protection of personal data in a statement issued in May last year on the occasion of a similar attack which affected another Italian health company [the Abruzzo Local Health Authority 1 mentioned above], anyone who comes into possession of or downloads data published on the dark web by criminal organizations, and uses it for their own purposes or disseminates it online, on social networks or in any other way, engages in unlawful conduct which may, in the cases provided for by law, constitute a crime".

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/hacker-cosa-succede-allazienda-ospedaliera-di-verona/ on Wed, 21 Feb 2024 15:20:33 +0000.