Almost 26 hospitals in Romania have been hit by ransomware, forcing them to go offline and return to using pen and paper.
The main target of the attack was the Hipocrate Information System (HIS) which is used by hospitals to store patient details, history, and other medical updates.
During the night of 11-12 February 2024, a massive ransomware cyber-attack targeted the production servers running the HIS information system. As a result of the attack, the system is down, files and databases are encrypted.Romanian Ministry of Health
The perpetrators have demanded a ransom of 3.5 Bitcoins which is roughly $175,000. An email address has been linked with the demand but no name, address, or other details were found.
The note said that confidential data has been stolen and if the ransom isn’t paid, it will be sold. The DNSC has asked the victims to neither contact the hackers nor give in to their demands.
Timeline Of The Attack & Extent of Damage
Romania’s National Cyber Security Directorate (DNSC) revealed that the attack first started on Saturday, February 10, at a children’s hospital. The rest of the hospitals were targeted on the 11th and 12th of February. The ransomware has been identified as Backmydata but the group behind the attack is yet to be identified.
As of now we only know that the data of 26 hospitals have been encrypted. But what those encrypted files contain is still unknown.
Backymydata is a part of the Phobos family of malware. These miscreants typically look for vulnerabilities in Remote Desktop Protocol (RDP) such as weak login credentials. Once inside, this ransomware deletes shadow copies of the files on the system, disables firewalls, and then encrypts the data.
The total count of victims was 25 up until Monday. But the DNSC announced that on Tuesday, the count went up to 25. So far 75+ medical institutions have been forced to go offline to help with the ongoing investigation and prevent the ransomware from spreading any further.
The matter is currently being investigated by IT specialists such as cyber security experts from the National Cyber Security Directorate (DNSC). The extent of the impact and probability of recovery is yet to be determined.
The good news is that most of the hospitals that were hit by the malware had backed their data 1 to 3 days ago. So it shouldn’t take them long to get back online.
But unfortunately one of them has no backup for any data in the last 12 days. In case they are unable to get it back, the loss and disruption in operation will be significant.
Going back to pen and paper is certainly difficult. But that’s not the main concern. The bigger problem is that it doesn’t just hamper data entry and patient record management, but also the operation of machines like MRI scanners.
In that case, the patients would be in much deeper trouble. Among the affected victims are also cancer hospitals where every second matters for a patient.
RSC (Romanian Soft Company SRL), the software provider of the Hipocrate healthcare system, is yet to release a public statement. They were also not available for any comment.
Ransomware has been a growing problem for some years now. 2023 saw a record ransom payment of $1.1 billion despite various sanctions imposed by governments across the globe.
