Digital healthcare remains an absolutely critical issue, partly because it is organised in a non-federated and heterogeneous way across regions. It is often the patients who suffer, but sometimes also the doctors.
When one speaks of digital health, the electronic health record comes to mind, but behind these two words there are many other aspects that most users ignore. The concept of digital health certainly includes information systems, communication networks and equipment, diagnostic and technical devices, and applications of various kinds (patient management, administration, etc.). Each of these should be subject to specific security and change management (updating) measures. It is therefore a vast and very complex world that often does not get adequate attention and that is often affected by IT incidents with major impacts on the entire healthcare chain. A striking example is what happened in Apulia in mid-October 2025.
Yesterday morning, 17 October 2025, an attempted hacker attack caused a blockage of computer systems in all public hospitals in Apulia, putting out of action essential services such as blood samples, registry management, choice and revocation of doctor, CUP, specialist visits, exemptions, prosthetic system, emergency-urgency alert systems and remote diagnosis. (Source: Assocare News)
In reality, the incident was not malicious but culpable in nature: a double failure of the firewall system caused an operational blockage that extended to all public hospitals in Apulia and forced the activation of extraordinary procedures. This specific case appears to have been resolved in a short time (08:15-11:14 on 17/10/2025) and without any loss of information, but what gives pause for thought is the extent of the damage.
A possible approach
Healthcare deserves a federated approach, similar to what AgID has done with the Guidelines for the Formation, Management and Preservation of Computer Documents. One could think of common procedures supported by uniform application environments, with procedures, technologies and security measures drawn up specifically for the healthcare sector. The regional in-house companies would have the task of supporting the implementation, providing services, and guaranteeing security and support for the facilities, without neglecting business development in the territory. At the same time, a federated and controlled structure for the technical part would be guaranteed at national level (it should be remembered that ours is a national health system). This approach would strike a balance between centralised monitoring by the authorities (AgID and ACN) and the significant local autonomy that needs to be protected.
Finally, there would be a further advantage: doctors often have trouble reconciling working time with the training needed to use IT tools. Changing healthcare facility often means radically changing the way of working: learning new interfaces and new procedures, which takes a considerable amount of time. Standardising processes (and there are certainly some that are common to all hospitals), together with creating operating environments that are as similar as possible, would greatly reduce this time and these difficulties. Such an approach would reduce regulatory fallout, allow for more timely and effective emergency management, and allow procedures to be refined by defining good practices and thus standards.
An example: Instrument 22
It is worth mentioning that in the ICT Three-Year Plan 2023-2026 there is a tool called ‘Tool 22 – Models and procedures for the processes of simplification, digitisation and internal reorganisation and for the technological evolution of applications and networks’ that goes precisely in that direction. The tool reads:
[…] to standardise the administrative models to be used for the implementation of administrative procedures aimed at the digitalisation of the PA (by way of example, with reference to ICT procurement and authorisations for the installation of electronic communication network equipment), in order to standardise behaviour and simplify processes, ensuring greater effectiveness and efficiency of administrative action. (Source: AgID)
Instrument 22 is not the solution but the starting point from which to think of a healthcare system with greater homogeneity, without giving up the regional identity so dear to the territories. A modular project development would, in fact, make it possible to start with the design and implementation of specific procedures/functions and then extend them over time.
Conclusions
It is worth reflecting carefully on digital health, because the condition in which it continues to operate does not meet current regulatory requirements at all. Recent cases (we could also mention what happened to the Aware Patient platform) clearly show the inadequacy of a system in charge of managing and processing data of absolute importance. There are numerous contexts in which the federation of a project has been successfully implemented, and something certainly needs to be done, considering that private facilities that are not always able to guarantee adequate security may be brought in to support public health in its difficult situation (remember the Multimedica case).