As you might expect, the rise of ransomware is only just beginning: after the Lazio region comes a security incident at the regional health service of Tuscany. According to the first press reports, the malicious event took place between 17 and 18 August last. However, according to the reconstruction provided by the technicians of the ARS Toscana healthcare company, the systems should not have been compromised, thanks to backups that were not affected by the security incident.
Ransomware in Tuscany: what happened
According to the statements received about the incident, the ransomware reportedly encrypted the data on ARS Toscana's information systems, compromising much of the epidemiological information stored on them. On the other hand, no sensitive data of citizens (especially personal health data) is involved, since ARS Toscana does not process it directly.
President Eugenio Giani stated that "the work of the technicians who intervened immediately and who are completing the recovery of the epidemiological and statistical data processed by the Agency is in progress". In the meantime, the Region has confirmed that there have been no outages of its systems or, above all, of the external services offered to citizens. Neither the ARS portal nor its databases and e-mail servers suffered extended periods of failure that could have compromised their operation.
The underlying causes of the ransomware
Once again, the causes are the ones we have outlined more and more often in recent times. We live in a data-driven society where data has become one of the most fundamental and most profitable assets. Causing malfunctions or taking possession of personal data can, on the one hand, be a source of income for the bad guys and, on the other, cause reputational damage with significant economic repercussions for your business.
Moreover, the human component, meaning the users targeted by phishing and social engineering campaigns, continues to be the weak link through which corporate systems are penetrated. Very often emotions play tricks on us and alter our ability to tell a correct action from a potentially risky one. We should try not to end up facing this kind of choice, and above all not to face it at moments when we are not completely lucid (i.e. periods of stress or anxiety, moments in which something has to be done in a great hurry, etc.).
In this case, the presence of a backup was fundamental and, above all, useful, because the copy of the data had not itself been compromised by the ransomware. However, a backup is not always enough: it is also necessary to understand how long the malware has been in the system, and therefore in how many past backup copies it could potentially be found.
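The reasoning about backup copies above can be made concrete. The following is an added example, not part of the original article and not ARS Toscana's procedure: it triages a series of backup manifests against indicators from an investigation and picks the newest copy that predates the first sighting. The snapshot data, hashes and the `.locked` suffix are constructed for illustration.

```python
from datetime import date

# Constructed sample data: snapshot date -> {path: content hash}.
# Hashes are short placeholders, not real indicators.
SNAPSHOTS = {
    date(2024, 1, 10): {"/srv/app/run.sh": "aa11", "/srv/data/stats.db": "d001"},
    date(2024, 1, 12): {"/srv/app/run.sh": "aa11", "/srv/data/stats.db": "d002"},
    date(2024, 1, 14): {"/srv/app/run.sh": "aa11", "/srv/data/stats.db": "d003",
                        "/tmp/upd.bin": "bad1"},   # dropper first seen here
    date(2024, 1, 16): {"/srv/app/run.sh": "aa11", "/srv/data/stats.db": "d004"},
    date(2024, 1, 18): {"/srv/app/run.sh": "aa11",
                        "/srv/data/stats.db.locked": "e005"},
}
BAD_HASHES = {"bad1"}         # constructed: hashes recovered by responders
BAD_SUFFIXES = (".locked",)   # constructed: extension added by the encryptor


def has_indicator(manifest, bad_hashes, bad_suffixes):
    """True if any file in the snapshot matches a known indicator."""
    return any(h in bad_hashes or path.endswith(bad_suffixes)
               for path, h in manifest.items())


def triage(snapshots, bad_hashes, bad_suffixes=()):
    """Label each snapshot 'clean', 'infected' or 'suspect'.

    Every copy taken on or after the first sighting is untrusted, even when
    it shows no indicator itself: the malware may have removed its dropper
    while staying active. 'clean' only means older than the first sighting.
    """
    first_hit, labels = None, {}
    for day in sorted(snapshots):
        hit = has_indicator(snapshots[day], bad_hashes, bad_suffixes)
        if hit and first_hit is None:
            first_hit = day
        if first_hit is None:
            labels[day] = "clean"
        else:
            labels[day] = "infected" if hit else "suspect"
    return labels


def last_clean_restore_point(snapshots, bad_hashes, bad_suffixes=()):
    """Newest snapshot older than the first sighting, or None if none is left."""
    labels = triage(snapshots, bad_hashes, bad_suffixes)
    clean = [day for day, label in labels.items() if label == "clean"]
    return max(clean) if clean else None
```

With only the encrypted-file suffix as an indicator, the 16 January copy would look usable; adding the dropper hash moves the restore point back to 12 January, which is why the dwell time matters as much as the existence of the backup.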
Another essential factor is the segregation of systems, by which we mean dividing up the infrastructure so that it is not a single whole reachable from every point of the company network. This is achieved through adequate planning of the infrastructure and careful management of access. Of course, the principle of least privilege (PoLP) should always be considered extremely effective when defining roles for access to systems. In this way you avoid ending up with super users who can access every component of the infrastructure and who, if compromised, could cause enormous damage.
For the moment the ARS Toscana systems seem to be under control again, and in the next few days the postal police investigations will begin to establish the exact causes and origins of this incident. For us citizens, meanwhile, the cardinal principles of Internet security always apply: pay attention to what you download and the e-mails you receive, avoid accessing content from unknown senders and never enter personal credentials on any web page.
The article "Security incident for ARS Toscana: a ransomware in the systems" comes from Tech CuE | Close-up Engineering.