Hacker attack on Synlab, patient data stolen and published on the dark web: what is a ransomware attack

On May 13, 2024, the private healthcare company Synlab Italia, a branch of the multinational Synlab, announced that on April 18 it had suffered a heavy hacker attack of the ransomware type (theft of sensitive data in order to ask for a ransom, generally in cryptocurrencies), which forced the suspension of diagnostic activities and is now putting the privacy of thousands of patients at risk. The Russian cybercriminal organization Black Basta illegally stole customers' documents and personal data from the company and demanded a large ransom from Synlab. Following the company's refusal to give in to blackmail, the cybergang published 1.5 terabytes of data on the dark web, i.e. parts of the web that are accessible only through specific applications and are used by cybercriminals.

Hacker attack on Synlab: what happened

On April 18, 2024, Synlab Italia announced that its computer systems had been attacked through malware, that is, a harmful computer virus capable of stealing documents, data and information. The company promptly activated a task force charged with blocking the cybercriminal attack, so as to mitigate its impact and restore its services as soon as possible. As soon as it received information about the attack, Synlab Italia deactivated and secured its IT systems, which the company then reactivated after identifying and isolating the malware.

The company immediately announced that it had reported the incident to the Postal Police and had initiated the notification procedure with the Personal Data Privacy Guarantor (GPDP), and that it had alerted its customers that a significant amount of data had been stolen. As is typical in ransomware attacks, Black Basta demanded an onerous ransom from Synlab in exchange for the stolen data. However, the company has publicly declared that it does not intend to compromise.

This choice is in line with what is indicated by the GPDP, since the payment of a ransom is clearly a temporary solution. The data remains in the hands of criminals who, even after the sum is paid, can decide to publish it anyway or ask for further ransoms. The only solution is to bring in specialized technicians, as Synlab did, so as to limit the impact of the attack.

Not seeing the ransom delivered, the criminal organization published 1.5 terabytes of documents on the dark web on May 13. They contain reports and medical records related to patients' health, such as therapies, diagnoses and ultrasounds, together with data relating to the identity of customers. Synlab stated that its systems have been secured and that the data has not suffered any damage thanks to security backups performed periodically.

How ransomware attacks happen

Unfortunately, ransomware attacks are very frequent, given the dizzying growth we are experiencing in the use of information technology. Last year, for example, a ransomware attack hit servers around the world. Clusit (the Italian Association for Information Security) estimated that in 2023 there were around 3000 cyber attacks, a 20% increase compared to 2022.

Ransomware attacks consist of malware that is downloaded into the targeted computer system and that either encrypts (i.e. masks) the files contained in the system, making them unreadable (cryptor), or blocks access to the infected system (blocker).

In most cases, malware is spread via scam emails, that is, through phishing. These are emails that appear to come from known and reliable entities and that contain links or attachments that cause the malware to be downloaded. It seems that phishing was also involved in the case of Synlab, given that the company's press release expressly reports indications from the GPDP on how to defend against phishing.

The most effective weapons in this case are attention and caution. Phishing emails are very credible, but they always contain fundamental details that help us understand that they are a scam.

Risks to the sensitive data of Italian patients: what to do

Synlab Italia stated that it has made a commitment to inform the people affected by the hacker attack. In any case, it is advisable to send a PEC (Certified Electronic Mail) message to the Synlab Italia customer service ([email protected]) or to the email address of the office where the exams were carried out (here is the list), asking whether your medical and personal data are included among those stolen and spread by the ransomware attack.