Experts restored on Thursday the website that handles the services of Italy’s Lazio region after cybercriminals forced the administration to shut it down on Sunday, delaying the inoculation process in Italy’s second most populous region.
Hackers attacked the IT system of the company that manages COVID-19 vaccination appointments of nearly six million people.
Lazio regional health councillor Alessio D’Amato has called it “the most serious cyber-attack ever carried out on an Italian public administration.”
Italy’s news agency ANSA said that the FBI and Europol are involved in the investigation into the attack that came from abroad and that the attack is being investigated as an act of terrorism and as a cybercrime attack.
The as of yet unknown hackers used a type of malware known as cryptolocker to shut down the site and Italian health authorities had to turn to new methods to get people signed up for vaccines, slowing the rate of immunization in the region.
Nonetheless, the hack was exactly the type of event which cybersecurity experts have been warning about since the start of the pandemic.
“The clear majority of law enforcement respondents named ransomware as a top priority threat,” Europol said in their 2020 Internet Organized Crime Threat Assessment report.
Hospitals and health care infrastructure were listed as among the most vulnerable targets.
Shortly after the site was shut down, Italian authorities received a ransom request, CNN reported.
“The COVID-19 crisis illustrated how criminals actively take advantage of society at its most vulnerable,” Europol said.
However, the Italian website was far from the first public health system hit with such an attack.
In the United States, the Champaign-Urbana Public Health District’s website, which serves more than 200,000 people, was crippled by ransomware, at the start of the pandemic the News-Gazette, a local outlet, reported.
And in March 2020, the US Department of Health and Human services was also targeted in a cyberattack, Bloomberg reported.
Just last month, Italy had established a new agency to counter cybercrime.
By David Klein, August 5, 2021, published on OCCRP