Hack the hospital

New threats from computer hackers that now ten days ago breached the computer network of the ASL of Aquila, causing an unprecedented blockage and serious inconvenience to hospital activity. A new message was posted overnight on the “Deep Web” page of the “Monti group,” the hacking galaxy behind which the hackers who allegedly carried out the raid are hiding.

The hacker attack

A communication that even invites users to request the resignation of administrators “who do not care” about personal data.

In communication, the hackers claim to show one of the flaws in the regional systems. In particular, a Sql vulnerability is shown on the site of the Asl Praetorian Registry 1. Sql is a language used to query databases, and Sql injection is one of the most common hacking techniques. Along with all this, other sensitive data has been released, around a hundred gigabytes: among these are the names of children with learning disabilities.

Meanwhile, even the backup, the “safe” copy of the data to be used in an emergency, would have been breached by hackers. So the tug-of-war between network criminals and institutions continues, but as the governor, Marco Marsilio, made clear, no ransom will be paid. Obviously the regulations do not allow it and, moreover, there is no official confirmation from the researchers regarding the feared two million, news that has circulated on the Internet.

Therefore, the backup system has also been compromised, which can be defined as the data safe where there should be copies of important files or databases. An attack that would have been easy for hackers, as this safe should not have been connected to the Internet. Hence the enormous effort of the ASL working group to restore the system. From the investigative point of view, after the recent inspections carried out in the ASL of L’Aquila and Avezzano by the officers of the postal police of L’Aquila, everything is now in the hands of the colleagues of Pescara and especially of the Center National Computer Anti-Crime for the Protection of Critical Infrastructures based in Rome. One figure makes you think: in fact, on the “Deep Web” there are more than 4,000 views by curious people who, looking for his folder or simply voyeurism, now risk being accused by the investigators themselves. At the moment it is difficult to understand any criminal responsibility of the ASL itself. In fact, if the lack of intent in the underestimation of a possible hacker attack is found, as it almost certainly seems, then nothing can be charged. A similar consideration regarding potential tax damages. Discourse different in the civil field, negligence must be identified.

Source : IL Messaggero

Related Stories