Cybercriminals take down Italian vaccine-scheduling website

A cyberattack has brought down an Italian COVID-19 vaccine-scheduling website.

Italian authorities said cybercriminals attacked the technology systems of the Italian region of Lazio. Chuck Everette, director of cybersecurity advocacy at Deep Instinct, tells Security the attack appears to be part of a supply-chain campaign that also affected other companies in Italy.

Everette says, “As this attack is part of a wider campaign, it should be the cause of further concern for other government agencies and healthcare organizations across the world.”

According to the Wall Street Journal, Lazio Regional President Nicola Zingaretti wrote on Facebook that scheduled vaccine appointments would occur, but the system to book appointments will be disconnected for a few days. “The situation is serious,” he said.

Cybercriminals have recognized that the demand for COVID vaccines presents a wealth of opportunities due to the number of people flocking to be protected and the personal data required even to book a time and date to receive the vaccine, Everette says. “These are exceptional times, and the rollout of vaccine booking portals in every country has been a literal lifesaver for many people.”

Though governments are doing all they can to protect their citizens, the speed at which these online portals have been created means that they were not necessarily built with security in mind, Everette explains.

Terry Ray, Senior Vice President and Fellow at Imperva, agrees, noting that the pandemic has forced the digital agenda to speed up transformation at an astonishing pace, creating numerous pathways for cybercriminals to exploit vulnerabilities on vaccine scheduling sites. “The healthcare industry has always been a ripe target for cybercriminals, and this isn’t going to change as demand for rapid access and mobile access increases the burden on security teams. Organizations in this market have access to incredibly valuable personal data, yet commonly rely on unpatched and outdated systems and third-party applications – a perfect storm that is resulting in more security incidents and web application attacks.”

According to data from Imperva Research Labs, the number of records compromised each year increases by an average of 224%. Ray explains. “While 2021 is far from over, we’re already on pace for another record-setting year. We’re on pace to see 40 billion records compromised by the end of 2021 - more than double last year’s total. This is a staggering and concerning number considering that every piece of data is valuable and can be exploited for other attacks in the future. This follows an unprecedented year of cybersecurity activity in healthcare.”

Imperva data shows the industry experienced 187 million web application attacks per month globally, on average, or roughly 498 attacks per organization each month. That is a 10% increase year-over-year, and “it underscores the growing vulnerability of web applications for healthcare organizations,” Ray says.

Healthcare has a vast cybersecurity issue on its hands, and it will only continue to grow, Ray warns. “As the pace of digital transformation quickens, all healthcare organizations must prioritize the protection of data and all paths to it,” he says.

The best protection against attacks such as this one is a multi-layered approach using a variety of solutions, Everette believes. “A “prevention-first” mindset is also key. Organizations need to implement security at every stage of the development process and execute a DevSecOps approach to prevent cyberattacks rather than mitigate them. Investing in solutions that use technology such as deep learning, which can stop a ransomware attack, pre-execution before it can take hold will also help add that extra layer of defense that government and healthcare organizations desperately need.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.