In the crosshairs of hackers

Healthcare under attack: why Italian hospitals are vulnerable to cyber criminals

The cyber agency's report: not only sophisticated intrusions but mainly trivial errors such as incorrect configurations, outdated devices and organisational shortcomings

by Ivan Cimmarusti

7 May 2025

3' min read

3' min read

Over the past two years, Italian hospitals have increasingly fallen into the crosshairs of hackers. A report by the Agency for National Cybersecurity (Acn) reveals a worrying trend: since January 2023, the country's healthcare facilities have suffered an average of 3.5 cyber attacks per month, and in about half of the cases, these are cyber incidents with a concrete impact on the services provided, such as surgeries, and on patients' privacy.

The cases are different. In the night between 22 and 23 October 2023, the Azienda Ospedaliera Universitaria Integrale di Verona was hit by a cyber attack claimed by the ransomware group Rhysida. Hackers exfiltrated more than 900,000 files, amounting to 612 GB of sensitive data, including medical reports, clinical analyses, work eligibility judgments, and administrative documents, which were then put up for sale on the dark web for the price of 10 Bitcoins, around 350,000 euro at the exchange rate of the time.

Between 5 and 6 June 2024, the ASST Rhodense, which includes the hospitals of Garbagnate, Bollate and Rho, was the victim of an IT attack. The incursion caused computer systems to crash, forcing the facilities to suspend non-urgent surgeries, laboratory tests and other scheduled healthcare services. The ransomware group Cicada3301 claimed the attack, claiming to have exfiltrated 1 terabyte of sensitive data, including medical documents, prescriptions, and patients' personal information.

What is behind this permeability of the public health world? According to the Agency's technicians - who analysed 50,000 healthcare IP addresses monitored between April 2024 and March 2025 - it is not only sophisticated intrusion techniques, but also - and above all - human errors, incorrect configurations, obsolete devices and organisational shortcomings. In short, widespread and often trivial vulnerabilities linked to a lack of awareness of cybersecurity issues.

Cyber attacks on the rise

In 2024, compared to the previous year, cyber events more than doubled (from 27 to 57), while incidents - i.e. attacks that actually caused damage - rose from 12 to 55. And the trend is also confirmed in the first quarter of 2025: 21 events and 11 incidents, compared to 10 and 6 in the same period the year before.

The main threat? Ransomware, i.e. those viruses that encrypt data and lock computer systems until a ransom is paid. In 2024 alone, 10 significant cases of ransomware were recorded in Italian healthcare. But also growing are intrusions via stolen credentials, the spread of malware via email, and - new in 2025 - DDoS attacks (which disrupt sites by making them inaccessible), in some cases claimed by hacktivist groups linked to the war in Ukraine.

Wrong configurations and old software

But how do hackers manage to penetrate systems? According to the Acn, most of the critical issues do not depend on overly complex or expensive technologies, but on easily avoidable problems. The vulnerabilities detected fall into three categories:

1. Services displayed on the Internet without protection, which should not be publicly accessible.

2. Outdated software, no longer upgradeable and left vulnerable.

3. Misconfigurations, such as unnecessarily open ports or weak communication protocols.

It is precisely the latter category that represents the largest slice of the problem. And we are not talking about unknown bugs or sophisticated flaws: an update or a correct setting is often enough to close the door to attacks.

The risks

The consequences of a cyber attack on a hospital are not limited to technical damage. The ACN document points out that these incidents have often resulted in interruptions in the delivery of healthcare services, theft of sensitive data, alterations in information systems, and reputational damage that is difficult to repair. In some cases, diagnostic machines have also been affected, rendered unusable by data tampering.

These are not just theoretical threats. Each successful attack undermines public confidence in the healthcare system, which is already tested by logistical and organisational challenges. And while the causes are known and the solutions technically possible, the real crux remains cultural and organisational.

Ivan Cimmarustigiornalista
- Email
Luogo: Roma
Lingue parlate: Italiano, inglese
Argomenti: Sicurezza, giudiziaria, inchieste, giustizia tributaria
Premi: Nel 2011 tra i vincitori del Premio Internazionale Antimafia Livatino-Saetta
Scheda autore
Trust project