Romanian Health Information System hit by ransomware, at least 21 hospitals impacted
At least 21 hospitals across Romania experienced major disruptions due to a ransomware attack on the Hipocrate Information System (HIS), a healthcare management system for medical activity and patient data management. The cyber-attack, occurred during the night on February 11th, 2024 and resulted in the encryption of databases and files, taking the HIS offline.
The attack prompted an immediate investigation by IT and cybersecurity specialists, including those from the National Cyber Security Directorate (DNSC), to assess recovery options and implement exceptional security measures for unaffected hospitals. The software service provider behind the Hipocrate system, Romanian Soft Company SRL (RSC), has not made any public statements regarding the breach.
Update - More than 100 health care facilities in Romania are offline after hackers launched a ransomware attack on at least 25 hospitals, the country’s cybersecurity agency said Tuesday. According to the Romanian National Cyber Security Directorate, the attack started with the Pitesti Pediatric Hospital and quickly spread to others. An additional 79 health care facilities have disconnected from the internet to try to avoid the hackers. The hackers have asked for $3.5 bitcoin in ransom, the equivalent of almost $170,000.
The DNSC identified the ransomware as Backmydata, part of the Phobos family, with 21 hospitals directly impacted and 79 others preemptively taking their systems offline as a cautionary step. The affected hospitals include a wide range of specialized institutions from pediatric to oncological treatment centers, illustrating the broad impact of such cyber-attacks on public health services. The affected hospitals include:
As of now, there has been no information regarding the specific ransomware group responsible or whether patient data was compromised beyond the encryption of the HIS.
Most affected hospitals had recent backups, except for one with data saved 12 days prior to the attack. The incident has forced healthcare providers to revert to manual, paper-based methods for patient care and records management.