Romanian Health Information System hit by ransomware, at least 21 hospitals impacted

published: Feb. 12, 2024

Learn More

At least 21 hospitals across Romania experienced major disruptions due to a ransomware attack on the Hipocrate Information System (HIS), a healthcare management system for medical activity and patient data management. The cyber-attack, occurred during the night on February 11th, 2024 and resulted in the encryption of databases and files, taking the HIS offline.

The attack prompted an immediate investigation by IT and cybersecurity specialists, including those from the National Cyber Security Directorate (DNSC), to assess recovery options and implement exceptional security measures for unaffected hospitals. The software service provider behind the Hipocrate system, Romanian Soft Company SRL (RSC), has not made any public statements regarding the breach.

Update - More than 100 health care facilities in Romania are offline after hackers launched a ransomware attack on at least 25 hospitals, the country’s cybersecurity agency said Tuesday. According to the Romanian National Cyber Security Directorate, the attack started with the Pitesti Pediatric Hospital and quickly spread to others. An additional 79 health care facilities have disconnected from the internet to try to avoid the hackers. The hackers have asked for $3.5 bitcoin in ransom, the equivalent of almost $170,000.

The DNSC identified the ransomware as Backmydata, part of the Phobos family, with 21 hospitals directly impacted and 79 others preemptively taking their systems offline as a cautionary step. The affected hospitals include a wide range of specialized institutions from pediatric to oncological treatment centers, illustrating the broad impact of such cyber-attacks on public health services. The affected hospitals include:

  1. Pediatric Hospital Pitesti
  2. Buzău County Emergency Hospital
  3. Slobozia County Emergency Hospital
  4. "Sf. Apostol Andrei" Emergency County Clinical Hospital Constanta
  5. Pitești County Emergency Hospital
  6. Military Emergency Hospital "Dr. Alexandru Gafencu" Constanta
  7. Institute of Cardiovascular Diseases Timișoara
  8. Emergency County Hospital "Dr. Constantin Opriș" Baia Mare
  9. Sighetu Marmației Municipal Hospital
  10. Târgoviște County Emergency Hospital
  11. Colțea Clinical Hospital
  12. Medgidia Municipal Hospital
  13. Fundeni Clinical Institute
  14. Oncological Institute "Prof. Dr. Al. Trestioreanu" Institute Bucharest (IOB)
  15. Regional Institute of Oncology Iasi (IRO Iasi)
  16. Azuga Orthopaedics and Traumatology Hospital
  17. Băicoi City Hospital
  18. Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest
  19. Hospital for Chronic Diseases Sf. Luca
  20. C.F. Clinical Hospital no. 2 Bucharest
  21. Medical Centre MALP SRL Moinești

As of now, there has been no information regarding the specific ransomware group responsible or whether patient data was compromised beyond the encryption of the HIS.

Most affected hospitals had recent backups, except for one with data saved 12 days prior to the attack. The incident has forced healthcare providers to revert to manual, paper-based methods for patient care and records management.

Romanian Health Information System hit by ransomware, at least 21 hospitals impacted