Ransomware attack cripples 18 hospitals in Romania

The National Cyber Security Directorate (NCSD) in Romania notified that a massive ransomware attack crippled the Health information system (HIS), a system which is used by hospitals across the country to manage patient data and medical activities. As a result, NCSD reported that at least 18 hospitals were affected.

The Romanian National Cyber Security Directorate (DNSC) shared that the threat actor used the Backmydata ransomware to attack the production servers running the HIS IT system and encrypt the databases. It is estimated that the attack took place between 11 and 12 February 2024.

It is unclear who was responsible for the attack and whether any medical data of patients were stolen.

A spokesperson of the Ministry of Health, stated, “As a result of the attack, the system is down, files and databases are encrypted.; NCSD is investigating the attack and, in a statement, mentioned, ‘We recommend that hospital IT teams are not contacted so they can focus on restoring IT services and data! This is the priority at the moment.’

Dr. Diana Bonto, a spokesperson at Targoviste ​County Emergency Hospital, one of the hospitals affected, shared that ‘Medical activities are being carried out under the limitations resulting from the incident.’

Why does it matter?

This cyberattack highlights the critical need for hospitals and the healthcare sector to prioritise and upgrade their cybersecurity capabilities. Healthcare organizations are experiencing a spike in cyberattacks, and research has shown those attacks can be deadly: cyberattacks on healthcare organisations increase mortality rates by more than 20%.