Pierluigi Paganini
April 23, 2024
Since April 18, Synlab Italia, a major provider of medical diagnosis services, has been experiencing disruptions due to a cyber attack.
The company initially cited technical issues as the cause leading to “temporary interruption of access to computer and telephone systems and related services.” However, a concerning scenario has emerged a few hours later.
The company has released a statement informing customers of the ongoing attack and has “disabled” all company computer systems in Italy as a precautionary measure.
Patients are facing significant disruptions, with many social media users complaining about their inability to access urgently needed diagnostic test results.
The company’s statement announced the suspension of all activities at sampling points, medical centers, and laboratories in Italy until further notice.
Synlab immediately investigated the incident and is working with external experts to contain it.
Certain passages of the statement raise particular concerns:
“SYNLAB informs all Patients and Customers that it has been the victim of a hacker attack on its computer systems throughout the national territory. As a precaution, all company computer systems in Italy were immediately disabled following the identification of the attack and in accordance with the company’s computer security procedures.”
[SYNLAB] is currently unable to determine when operations can be restored.
These statements highlight the need for the company to isolate systems to prevent the spread of the threat and mitigate its impact.
Such drastic containment measures are typically associated with malware infections, while the unavailability of affected systems often suggests a ransomware infection.
Therefore, companies that suffer a ransomware attack cannot predict when they will be operational again because they need to eradicate the threat from affected systems and restore any backups.
Another concern for companies affected by ransomware is the potential exfiltration of data. If health information is stolen in the case of SYNLAB Italy, it would pose a serious risk to affected customers’ privacy and security.
The latest update provided by the company states:
“Currently, the SYNLAB task force is analyzing every single part of the IT infrastructure, including backup systems, in order to restore its systems securely as soon as possible. The company has also filed a report with the Postal Police and initiated the preliminary notification procedure to the Italian Data Protection Authority.” reads the statement. “SYNLAB has apologized to its patients for the inconveniences caused by the current situation and has made available dedicated telephone and social media channels for managing requests and providing information, referring to all facilities in the territories. The company is continuously updating patients, clients, and the public through the website www.synlab.it and social media channels.”
A similar scenario occurred previously at the French branch of the group, Synlab.fr, when it was targeted in an attack by the Clop group, specializing in extortion activities. While the attacks appear unrelated, they serve as a warning for the entire sector.
The increasing number of attacks against healthcare companies exposes the medical information of millions of citizens, which remains easily accessible to criminals.
In February, 2024, a cybersecurity alert published by the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted attacks conducted by ALPHV/Blackcat ransomware attacks.
The US agencies released a report containing IOCs and TTPs associated with the ALPHV Blackcat RaaS operation identified through law enforcement investigations conducted as recently as February 2024.
As for the SynLab case, further information on the incident is awaited as the company works to restore operations and secure user information.
Italian readers can give a look at my Post on the Italian Newspaper La Repubblica:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Synlab Italia)
