A Single Password With The Power To Take Down Italy’s Mass Vaccination Programme

BACKGROUND:

Earlier this week, the Lazo Region’s healthcare portal which is responsible for the mass vaccination program for the region surrounding Rome was struck by a cyber-attack that could potentially cause a devastating impact on the fight against COVID-19.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Eric Milam
Eric Milam , VP of Research and Intelligence
InfoSec Expert
August 4, 2021 7:32 pm

<p>A single password with the power to take down an entire Italian region’s mass vaccination programme. As Italian healthcare ministers and government officials grapple to get the Lazio region’s healthcare portal and vaccination programme back-up and running before it has a detrimental impact on vaccine roll-out, this attack highlights the importance of a preventative approach to cybersecurity.</p>
<p>Yet again, it has been revealed that a VPN password without two factor authentication is the key to the attack on the Lazo Region’s healthcare portal. VPNs are inherently unsecure, due to their static approach to authentication and authorisation. If you have the password, you’re assumed safe for the duration of the connection – whether you’re a genuine user or a hacker. Even more concerning for the Italian healthcare portal is the fact that the encrypted data does not have further back-ups and therefore, if the key is not recovered, the data cannot be restored – potentially causing huge setbacks in the mass vaccination roll-out.</p>
<p>A better approach is Zero Trust Network Access and adopting a prevention-first approach to cybersecurity. Instead of securing only the network directly, it ensures networks are only accessed by trusted and healthy devices. It uses AI to continually analyse user behaviour, device trustworthiness, and network and app access patterns, which allows it to immediately protect the environment if anything suspicious arises – with lives on the line, robust cybersecurity has never been more critical.</p>

Last edited 1 year ago by Eric Milam
1
0
Would love your thoughts, please comment.x
()
x