Romania: Hospitals Offline After Cyberattack

In Romania, a minimum of 25 hospitals have faced severe operational challenges due to a vast ransomware assault, which has debilitated the local healthcare management system.

The Hipocrate Information System (HIS), employed by Romanian hospitals for orchestrating medical operations and managing patient data, fell victim to an attack this past weekend. As a result, the system’s database was encrypted, rendering HIS inaccessible.

Linux ransomware attacks

The Romanian Ministry of Health reported the incident during the night between February 11th and 12th. The onslaught on the production servers hosting the HIS information system led to a total system failure, with files and databases encrypted by Backmydata ransomware—a variant within the Phobos ransomware family.

Following the transition of systems to standalone mode or their disconnection, physicians were compelled to resort to handwriting prescriptions and maintaining records on paper.

The incident is under scrutiny by IT specialists, including experts from the Romanian National Directorate for Cybersecurity (DNSC). An additional 75 medical institutions utilizing HIS also disconnected their systems as a preventive measure during the investigation’s duration.

Most of the affected hospitals have backups of data on the affected servers, with data saved relatively recently (1-2-3 days ago) except one, whose data was saved 12 days ago,” DNSC reported.

The attack has affected a multitude of hospitals throughout Romania, including regional and oncological centers. Cybersecurity experts from the DNSC are currently investigating the incident and advise against disturbing the IT teams of the impacted hospitals, enabling them to focus on the restoration of services and data.

The malefactors have already demanded a ransom of 3.5 BTC (approximately 157,000 euros). However, the ransom note does not mention the name of the responsible group, only an email address.

It’s improbable that RSC, the software provider for the Hipocrate medical system, will concede to the ransom demand, as the existence of backup copies significantly facilitates recovery. IT specialists are expected to address the situation and promptly rehabilitate the compromised system.