COVID-19 Vaccine Portal In Italy's Lazio Region Hit With Suspected Ransomware Attack

COVID-19 Vaccine Portal In Italy’s Lazio Region Hit With Suspected Ransomware Attack

The government of Italy’s Lazio province informed its residents about a hacker attack that hit its portal for vaccinations. The announcement was posted on its Facebook page.

Officials in the Lazio region said that a “powerful” attack hit their databases on Sunday. The attack affected all systems, including the COVID-19 vaccine booking system and the Salute Lazio portal.

Officials said that the attack could cause delays in vaccinations. It was not clear if the incident was a ransomware attack. While, CNN reported that Lazio officials have received a ransom demand.

Nicola Zingaretti, the president of the Lazio Region, noted that they still don’t know who the suspects are behind this attack “of criminal origin.”

The attack was carried out on Saturday night and “blocked almost all of the files in the data center.”

“At the moment the system is shut down to allow internal verification and to prevent the spread of the virus introduced with the attack. LazioCrea informs us that health data is safe, as well as financial and budget data,” Zingaretti said.

They are currently migrating some of our essential services to external cloud platforms to restore them.

“We are migrating essential services to external clouds to make them operational as soon as possible. 112, 118, Emergency Department, Transfusion Center and Civil Protection are safe and are providing services regularly. The situation is serious and we immediately alerted the Postal Police and the highest levels of the State, which we thank.”

At a press conference, Prime Minister Giuseppe Renda said that the attack on the region was considered a terrorist act and that it was the most serious incident that has ever occurred on Italian territory.

“The attacks are still taking place. The situation is very serious,” he said, according to ANSA. Lazio’s health official Alessio D’Amato told Reuters that “everything is out” following the attack.

Cyberattackers reportedly gained access to the system via a compromised administrator profile. Through the profile, the attackers were able to activate a “crypto-locker” that encrypted the data on the system.

“Technicians are working to safely reactivate new bookings as well and no data has been stolen. We’re in constant contact with the commissioner’s structure to ensure vaccination users have a green pass as usual,” officials stated.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.