Expert comment on Lazio’s possible supply chain attack on vaccine portal


Italy’s Lazio region has suffered a cyber attack on its vaccine booking portal. Recent reports claim this may be part of a wider supply chain attack that has affected other Italian organisations.

Hackers have recognised that the demand for Covid vaccines presents a wealth of opportunities due to the number of people flocking to be protected and the personal data that is required to even book a time and date to receive the vaccine. The attack on Lazio’s vaccine portal appears to be part of a supply chain attack and is therefore not an isolated incident. As this attack is part of a wider campaign, it should be the cause of further concern for other government agencies and healthcare organisations across the world.

These are exceptional times and the roll out of vaccine booking portals in every country has been a literal lifesaver for many people. Governments are doing all they can to protect their citizens, however, the speed at which these online portals have been created means that they weren’t necessarily built with security in mind. Governments are finding it increasingly difficult to hire expert cyber professionals who can help prevent attacks such as this one, and it would have been challenging to ensure there are no vulnerabilities within these portals that could be exploited by bad threat actors.

The best protection against attacks such as this one is a multi-layered approach using a variety of solutions. A “prevention-first” mindset is also key. Organisations need to implement security at every stage of the development process and execute a DevSecOps approach in order to actually prevent cyber attacks, rather than mitigate them. Investing in solutions that use technology such as deep learning which can stop a ransomware attack, pre-execution, before it can take hold will also help add that extra layer of defence that government and healthcare organisations desperately need.