Ukraine. “The risk of cyberattacks is increasing. Health establishments in the sights”. Interview with Serafino Sorrenti from the Ministry of Health

by Giovanni Rodriquez

“Compared to the government world, the health sector brings with it another value: big health data. Sensitive data such as people’s health data, health records and disease reports carry enormous weight in the market. We are also considering the possible dissemination of data sensitive to the health of representatives of institutions. The sector is extremely delicate, so there is an absolute need for great protection”. Thus the member of the Commission for Innovation and Digitization of Health Services at the Ministry of Health.

05 APRIL – The war in Ukraine is not limited to the horrors we have seen in recent weeks in cities that have become battlefields. The shock also extended to another front, that of information technology. The worsening of the conflict has indeed raised the level of alert in the face of possible cyberattacks throughout the West, compressed Italy. Among the most sensitive targets are also hospitals and healthcare companies. To understand why we asked for help from Serafino Sorrentimember of the Commission for Innovation and Digitization of Health Services at the Ministry of Health and former member of the Covid-19 Task Force at the Presidency of the Council of Ministers.

Doctor Sorrenti, in recent weeks the alarm has been raised about possible cyberattacks also in Italy, what risks do we run?
It must certainly be considered that many software platforms on the market also used in Italy have been developed by Russian companies. One of the best known is the Kaspersky antivirus, developed by a former KGB. Antivirus, to work we know that once installed they take full control of the device in some sense. Today, health structures, governments but also large companies in other sectors have purchased this type of product given both its very aggressive market price and its effectiveness. To be clear about this, we have to say that at the moment we have no evidence that it is a dangerous product. Nevertheless, it is still necessary to continue the reasoning and add another element.

What is?

We must consider the scenario of a possible extension of the conflict. If this were to also involve NATO, then no one could rule out the risk of possible actions that would make institutional sites vulnerable, putting sensitive data at risk. We cannot know if, through a trivial update, malware could spread.

Health facilities are among the most at risk, why?

Compared to the governmental world, the health world brings with it another value: big health data. Sensitive data such as personal health data, health records, and disease reports carry huge weight in the market. We are also considering the possible dissemination of sensitive data on the health of institutional representatives. The sector is extremely delicate, so there is an absolute need for great protection.

Last year there was the attack on the Lazio region, when health data was targeted. Were there others like that?

Yes, for example, Tor Vergata University was targeted. There was an attack using ransomware, a type of malware that restricts access to the device it infects by demanding payment of a ransom to remove the restriction. This somehow compromised the entire computer system of the university, putting the data at risk.

Attacks with ransomware are becoming more and more widespread. Can we speak of a new form of cyberterrorism?

Absolutely yes. The terms are the same. The spread of ransomware can create huge problems. Not just in the health sector. Another sector that has been hit hard is the energy sector. Recently, a large company in Campania was attacked in this way and recorded losses in terms of lost turnover of around 1 million euros per day.

How are these redemptions paid out?

Requested payments are always in bitcoins. This therefore also implies the need to stock up on this electronic money which has values ​​that are not accessible to everyone.

How to counter this phenomenon?

It is necessary to insert personnel within companies ready to manage this risk of attacks in order to protect both the companies themselves and the data of the people often held by them. The healthcare world, in particular, often has outdated software and the only way to prevent these attacks is to have professionals who take care of cybersecurity. Cybercrime is increasingly looking for data. Giants like Apple and Meta (Facebook) have also been attacked recently. We must be ready.

John Rodriquez

April 05, 2022
© All rights reserved


Other articles in Government and Parliament

image_1

image_2

picture_3

image_4

picture_5

picture_6

Quotidianosanità.it

Online news
health information.

QS Edizioni srl
VAT number 12298601001

Via Boncompagni, 16
00187 – Rome

Via Vittore Carpaccio, 18
00147 Roma (RM)

site manager

Cesare Fassari

Managing Editor
Francesco Maria Avitto

President
Ernesto Rodriquez

Copyright 2013 © QS Edizioni srl. All rights reserved
– VAT number 12298601001
– registration in the ROC n. 23387
– registration at the Court of Rome n. 115/3013 of 05/22/2013

All rights reserved.
Privacy Policy

Add Comment