Article Details

Ransomware attack forces 25 Romanian hospitals to go offline. Over two dozen hospitals in Romania have taken their systems offline after a ransomware attack took down their healthcare management system. The Hipocrate Information System (HIS) used by hospitals to manage medical activity and patient data was targeted over the weekend and is now offline after its database was encrypted. "During the night of 11-12 February 2024, a massive ransomware cyber-attack targeted the production servers running the HIS information system. As a result of the attack, the system is down, files and databases are encrypted," the Romanian Ministry of Health said. "The incident is under investigation by IT specialists, including cybersecurity experts from the National Cyber Security Directorate (DNSC), and the possibilities for recovery are being assessed. "Exceptional precautionary measures have also been activated for the other hospitals not affected by the attack." The ransomware attack affected various hospitals across Romania, including regional and cancer treatment centers, and a team of DNSC cybersecurity experts is currently investigating the cyber incident. DNSC advised against reaching out to affected hospitals' IT teams "so they can focus on restoring IT services and data." The list of impacted hospitals has been updated following an update shared by the DNSC after the article was published and it includes: Back to paper Since the systems were taken offline or shut down, doctors have been forced to return to writing prescriptions and keeping records on paper. "After 400 computers and servers were shut down, we worked mostly on paper," IRO Iasi manager Mirela Grosu told Agerpres. "I mean we did continuous admission records on paper, day admission records on paper, we wrote medical test recommendations on paper. Everything is done on paper, just as we did years ago." "All servers have been shut down. The Internet has also been shut down, so there will be no loss, data leakage or anything else," added systems engineer Florin Trandabăţ. At the moment, there is no information on what ransomware operation encrypted the hospitals' medical services management platform or if patients' personal or medical data was also stolen during the incident. RSC (Romanian Soft Company SRL), the software service provider behind the Hipocrate healthcare system, has yet to issue a public statement regarding this incident. A RSC spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today via email and over the phone. Update February 12, 11:29 EST: The Romanian National Cyber Security Directorate (DNSC) says the attackers used Backmydata ransomware to encrypt the hospitals' data, a ransomware variant from the Phobos family. In total, 21 hospitals were impacted by the attack, while 79 others using HIS have taken their systems offline as a precautionary measure while the incident is being investigated. "Most of the affected hospitals have backups of data on the affected servers, with data saved relatively recently (1-2-3 days ago) except one, whose data was saved 12 days ago," DNSC said. Update February 13, 05:43 EST: DNSC says the attackers have sent a ransom demand of 3.5 BTC (roughly €157,000). However, the name of the group claiming the attack is not mentioned in the ransom note, only an email address. Four more hospitals have also been added to the list of affected medical units bringing the total to 25, but there is currently no evidence of data theft: Revised article and title after DNSC's update on February 13.