A total of 100 hospitals in Romania have been impacted by a ransomware attack.
Authorities in Romania have confirmed that a ransomware attack against the Hipocrate platform that runs IT systems for many providers has taken at least 100 hospitals offline. It is understood that the attack took place on the night of February 11, with production servers being affected and resulting in files and databases being encrypted and so inaccessible by the hospitals concerned. It is understood that 21 hospitals were directly impacted by the attack, rising to 25 following the update this morning. However, 79 others took systems offline in an abundance of caution while investigations continue.
An official update published on February 13 by the National Cybersecurity Directorate (DNSC) in Romania, confirms that “there is so far no indication of data exfiltration”. However, four other hospitals are now known to have been impacted. The statement, translated using Google, also confirms that a ransom of 3.5 BTC ($100,000) has been demanded but the attacker has not been identified.
“Both the Directorate and other cyber security authorities involved in the analysis of this incident recommend not to contact the attackers and not pay the demanded ransom!” the statement reads. The DNSC further recommends that all hospitals using the impacted Hipocrate technology platform should isolate any affected systems from the rest of the network and the internet but not turn them off so as to preserve evidence in memory. Affected systems should be restored based on data backups once the full system has been cleaned up, with all applications and operating systems updated with the latest patches.
Javvad Malik, lead security awareness advocate at KnowBe4, said, “Attacks against healthcare systems have been growing. Unfortunately, it’s one of the continuing stark reminders of the necessity for robust cybersecurity measures, regular system updates, and backups. Responding to such attacks requires a coordinated effort, not just in the immediate technical response, but in long-term strategies such as building a strong security culture to bolster resilience against future attacks. Cybersecurity is not just an IT issue; it’s a fundamental component of patient care.”
Tim Mackey, head of software supply chain risk at the Synopsys Software Integrity Group, said, “Healthcare providers represent a high-value target for cyber criminals. Any breach of data that includes PHI represents information that an attacker can use to gain the trust of their victims. If the attacker is able to gain write access to any healthcare database, then they have the ability to modify patient information in ways that could impact the life of a patient while also being difficult to undo.”