Massive Ransomware Attack Disrupts 100 Romanian Hospitals

In a significant cybersecurity incident, over 100 hospitals in Romania have been brought to a standstill following a ransomware attack on the Hipocrate platform, a critical infrastructure that manages IT systems for numerous healthcare providers. The attack occurred during the night of February 11, severely impacting production servers, encrypting files and databases, and rendering them inaccessible to the affected medical institutions. Initially, 21 hospitals were directly hit by the ransomware, with the number increasing to 25 after further assessment. In a precautionary response, an additional 79 hospitals voluntarily took their systems offline pending further investigation.

The National Cybersecurity Directorate (DNSC) of Romania, in an official communique dated February 13, confirmed the cyberattack but found no evidence of data exfiltration thus far. The update also noted an increase in the number of hospitals impacted and disclosed a ransom demand of 3.5 BTC (approximately $100,000). The identity of the attackers remains unknown. The DNSC strongly advised against contacting the attackers or paying the ransom, urging affected hospitals to isolate compromised systems without shutting them down to preserve forensic evidence.

In its guidance, the DNSC emphasized the importance of isolating the affected systems from broader networks and the internet, recommending the restoration of services from data backups only after ensuring the systems are thoroughly cleansed and updated with the latest security patches.

Experts Highlight Growing Threat to Healthcare Cybersecurity

Javvad Malik, a lead security awareness advocate at KnowBe4, highlighted the increasing frequency of cyberattacks targeting healthcare systems. He stressed the critical need for robust cybersecurity defenses, regular updates, and backups to mitigate such threats. Malik pointed out that dealing with ransomware attacks requires a unified approach that encompasses not only immediate technical responses but also long-term preventive strategies to foster a resilient security culture within healthcare institutions.

Echoing the concern, Tim Mackey, the head of software supply chain risk at Synopsys Software Integrity Group, remarked on the heightened risk faced by healthcare providers from cybercriminal activities. He warned that any breach involving Personal Health Information (PHI) could have severe implications, allowing attackers to exploit patient trust. Mackey further cautioned about the potential for attackers to alter patient data, posing significant risks to patient safety and complicating recovery efforts.

This incident underscores the critical importance of cybersecurity in the healthcare sector, highlighting the potential consequences of such attacks on patient care and the necessity for ongoing vigilance and preparedness against cyber threats.