Over a hundred healthcare facilities in Romania were hit by a ransomware attack last week, with some hospitals left with no choice but to take their systems offline and use pen and paper.
The cyber criminals demanded 3.5 Bitcoin, worth over £130,000, to unlock important files that they had encrypted. However, Romanian cyber officials confirmed that data had recently been backed up, minimising the impact.
The Romanian Ministry of Health released a statement last Monday night following the attack, confirming: “During the night of February 11 to 12, 2024, a massive cyber ransomware attack took place on the production servers on which the HIS IT system runs. As a result of the attack, the system is down, files and databases are encrypted.”
The incident was under investigation by IT specialists, including cyber security experts from the National Cyber Security Directorate (DNSC), the ministry stated.
The DNSC said 25 hospitals were affected by the attack, with The Pitesti Paediatric Hospital hit first, which has since prompted 79 other healthcare organisations to be taken offline while investigations were carried out to find out if they had been affected.
The latest update from the DNSC came on Friday 16 February, where instructions were provided to all health entities, regardless of whether or not they have been affected by the ‘Backmydata’ ransomware attack, for the use of DNSC-YARA scan script, which scans and detects malware files.
The impact on patients is expected to be significant, as dozens of hospitals have switched off internet connected devices as a precaution, which could affect booking, records and machines such as MRI scanners.
Gerasim Hovhannisyan, CEO and co-founder of cyber security company EasyDMARC, said: ““As Romanian healthcare workers move towards pen and paper in the wake of the recent ransomware attack, we’re reminded of the importance of a detailed incidence response plan for all organisations, especially those that fall under the category of critical infrastructure.”
“As networks and systems become increasingly connected, operating more and more online, disruptions to the likes of hospitals and ambulance services can jeopardise patient care and safety. As a result, cyber-attacks shouldn’t be treated as a possibility, but a certainty, and a plan detailing how to operate without access to IT systems should be in place.”
This is one of the largest national level disruptions to a European healthcare system since the ransomware attack in the Republic of Ireland in 2021.