
Cyberattack shuts down Italian region’s COVID-19 vaccine scheduling app

Scheduling apps are crucial to the rapid deployment of COVID-19 vaccines. But the recent attack on the scheduling app of Lazio, Italy, spotlights the risk posed by cyberattacks on these oft-vulnerable apps. (Photo credit: "201005-N-LW757-1024" by NavyMedicine is marked with CC PDM 1.0)

Cybercriminals have shut down the IT systems of the management vendor that hosts the COVID-19 vaccine scheduling app of the Lazio region of Italy, just outside of Rome. The region’s social media post explains it’s unclear who launched the attack and for what purpose. It’s the first criminal cyberattack against the region.

The attack struck on Sunday, which drove the security team to shut down a number of connected websites, including the region’s health portal and vaccination app. The latest update on Aug. 3 shows officials expect it will be another 72 hours until the vaccine booking site and vaccination services are restored.

The incident has been attributed to “a very powerful hacker.” The hack has impacted the entirety of the Lazio region’s CED and blocked access to every file in the region’s data center. The recovery team shut down the system to allow internal verification and to stop the attack from proliferating.

The Lazio region's social media post confirms the network has been infected with a virus, but does not explicitly name ransomware. But given that the incident shut off access to files, ransomware is a likely source.

The security team is continuing to safely reactivate new vaccine bookings, and officials said that no data has been stolen. The technicians working to recover the systems are working closely with the postal police and legal departments in nearby Rome.

The public was warned the attack may cause a number of delays with vaccine operations. Despite the attack, officials informed the 500,000 citizens who previously scheduled an appointment through Aug. 13 that they can come into the vaccine centers at the planned time.

For now, the region is migrating essential services to an external cloud to restore the vaccine scheduling app as soon as possible.

The attack bears similarities to a hack on a U.S. provider's vaccine scheduling tool earlier this year. Michigan-based Beaumont Health was forced to shut down its COVID-19 vaccine appointment scheduling app in February after a threat actor exploited a flaw in its Epic platform.

The incident enabled 2,700 people to cut in line and register for an unauthorized appointment. The hacker leveraged a known flaw in the Epic tool and publicly shared the scheduling pathway, which was designed to be sent only to direct recipients through “ticket scheduling.”

The situation was swiftly addressed and the appointments changed, but it spotlighted the risk posed by leveraging tech with known security flaws.

A previous Imperva Research Labs report found cyberattacks against health care-based web applications increased by 51% between the start of COVID-19 vaccine distribution in December and February 2021. Primarily targeting entities in the U.S., Brazil, the U.K., and Canada, the attacks included a spike in cross-site scripting (XSS) attacks, SQL injections, protocol manipulation, and remote code execution.

Terry Ray, Imperva senior vice president and fellow, explained to SC Media that there’s been an average increase of 224% in the number of records compromised each year in the sector. And the current rate of health care data breaches puts the sector on pace for another record-setting year.

In fact, the top five reported breaches so far this year have each impacted over 1 million patients per entity. By the end of 2021, Ray warned the current pace will lead to at least 40 billion compromised records, an alarming statistic “considering that every piece of data is valuable and can be exploited for other attacks in the future.”

Previous Imperva data also shows health care has experienced 187 million web application attacks per month globally, on average. In total, that’s roughly 498 attacks per entity each month, or a 10% increase year-over-year.

Ray explained the data spotlights the growing vulnerability of web applications for health care organizations, “as seen with the ongoing attack on the Lazio region’s COVID-19 websites. Far too many health care entities are relying on unpatched and outdated systems, combined with the frequent use of third-party applications, it’s a perfect storm that is resulting in more security incidents and web application attacks.”

“The healthcare industry has always been a ripe target for cybercriminals. This isn’t going to change as demand for rapid access and mobile access increases the burden on security teams,” said Ray. “A global pandemic has forced the digital agenda to speed up at an astonishing pace.”

“The transformed IT landscape in health care is creating numerous pathways for cybercriminals to exploit — from large-scale ransomware attacks on health systems caring for patients to attacks on vaccine scheduling sites — often under the nose of an already oversubscribed IT security team,” he added. “Health care has an enormous cybersecurity issue on its hands, and it will only continue to grow.” 

As providers continue to rapidly deploy needed digital innovations, Ray stressed that it’s critical for entities to better prioritize data protection, including all access points and communication pathways.

Health care providers struggling to keep pace should review past insights from the Department of Health and Human Services and the Healthcare and Public Health Coordinating Council (HSCC), which include step-by-step methods to strengthen enterprise cybersecurity programs.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
