Getting caught up on #OperationSafePharma

So I am slow to find out about this, and wouldn’t have found out at all if it hadn’t been for Softpedia’s Catalin Cimpanu helpfully pointing to this, but AntiSec-Italia, anItalian Anonymous-affiliated group, has apparently been breaching the websites of healthcare institutes in Italy.

To get up to speed on early history of #OpSafePharma, start with Catalin’s post from March. See also this blog post from the Italian faction of Anonymous that explains the motivation for the operation: the invalid labeling of individuals as having “disorders” or “illnesses,” where the diagnoses are made based on unscientific tests and opinions of “experts.” In many cases, these diagnoses may result in the administration of psychoactive medications or referral to special services. The activists are concerned about the diagnosis of ADHD and associated diagnoses such as Hyperactivity, Conduct Disorder, and Obsessive-Compulsive Disorder.

And of course, they rightfully point out how BigPharma profits from the diagnosis and treatment of children.

Daniel_SenseCy picks up the story in September:

On August 21, 2016, Anonymous Italia and its affiliated hacktivist collective AntiSec-Italia, relaunched the campaign, this time dubbed #OperationSafePharma, targeting four different healthcare-related Italian institutions with website defacement attacks and substantial data leakages. The outcomes of the operation, namely the screenshots of the defaced websites and the addresses of the downloadable data leakages, uploaded on dedicated file sharing platforms, were announced on the social media outlets of AntiSec-Italia, specifically on their Facebook page and Twitter account.

Their analysis of the data dumps found approximately 2.5 GB of data, stolen from the databases of two prominent Italian healthcare institutions:

We acquired the leaked databases and, upon verification, we assess that they mostly contain internal communications, as well as a great volume of personal data relating to the in-house personnel of the two healthcare institutions, mainly CVs of the physicians and administrative executives working in the facilities. We did not find any indications that medical records of patients treated in these healthcare facilities were disclosed or compromised during the data leakage. Notably, the most recent documents we detected within the stolen files are dated August 5, 2016.

So at the present time, there doesn’t seem to have been any leaking of patient records, and it seems their intent is to go after healthcare institutions. It’s not yet clear to me why they are not going after the BigPharma companies themselves and why they are not going after the government itself. A post this week by Cimpanu suggests that the hacktivists are protesting government policy, but frankly, it’s not clear to me from the translated materials I’ve read whether they are protesting some specific law or whether they are protesting how the medical profession overdiagnoses ADHD and pushes medication on those who may neither need it nor want it, or if they’re protesting the influence of BigPharma – or all of those three possibilities.

Clearly, these hacks would seem to rightfully fall under the umbrella of “hacktivism.” There seems to be no motivation to steal or dump patient data or to harm patients. To the contrary, the motivation seems to be to protect people from unwanted, unneeded, and possibly dangerous “treatments.”

I have reached out to @AntiSec_ITA to request a chat. I really would like to understand their targets and rationale better. If I do find out more, I’ll update this post. It’s not often we see hacktivists oriented to these types of issues.

About the author: Dissent