More than 100 healthcare facilities in Romania have fallen victim to ransomware attacks, disrupting critical operations and compromising patient care, local media reported.
The attack, targeting a widely used medical information system, unfolded on Monday night and left doctors and staff scrambling to rely on pen and paper as computer systems became inaccessible.
Romanian cyber officials responded quickly and reported that recent data backups had significantly reduced the impact of the attack. The Ministry of Health, in collaboration with IT experts and cybersecurity experts from the National Cyber Security Service (DNSC), is actively investigating this incident to identify the perpetrators.
Ransomware attack takes hospital offline
According to DNSC, the initial target of the attack was Pitesti Children’s Hospital, and 25 other hospitals were later affected. Affected hospitals include children’s and emergency facilities, with additional medical centers choosing to go offline as a precaution.
As the investigation continues, an additional 79 health care facilities have had their systems taken offline to determine if their systems have been compromised.
The cyber extortionists behind the attack demanded a hefty ransom of 3.5 bitcoins, equivalent to more than £130,000, to unlock sensitive files they had maliciously encrypted.
As of today, the market cap of cryptocurrencies reached $1.86 trillion. Chart: TradingView.com
Hospitals that have recently backed up their data are expected to recover relatively quickly, but the impact on patients is expected to be significant. Many hospitals have had to disconnect devices connected to the internet as a precaution, potentially impacting appointments and record keeping as well as essential medical equipment such as MRI scanners.
This ransomware attack is reminiscent of a similar incident that occurred in the UK in 2017. During the attack, 80 of 236 hospitals across England were disrupted, with around 7,000 appointments canceled or rescheduled. The NHS recognized the need for improvement and implemented a number of changes in response.
Image: Freepik
Ransomware attack frequency
Ransomware attacks demanding Bitcoin payment are not uncommon. Last September, the UK’s National Cyber Security Center (NCSC) and the National Crime Agency (NCA) released a report highlighting the increasing frequency of ransomware attacks.
In May 2017, the NHS faced a massive ransomware threat known as the infamous “WannaCry” attack, which led to widespread disruptions in hospitals across the country.
Although the type of malware used in the Romanian attack has been identified, the group responsible has not yet been identified. The ransom demand included only an email address, giving authorities limited leads to follow.
A 2023 report from Immunefi found that the top 10 ransom payments globally were in Bitcoin, amounting to nearly $70 million. The report also noted that Russian hacking groups are primarily responsible for distributing this malware. However, to date, no group has claimed responsibility for the ransomware attack on Romanian hospitals.
This incident serves as a stark reminder of the ever-present threat posed by cybercriminals and the need for robust cybersecurity measures to protect sensitive information and critical infrastructure.
Featured image from iStock, chart from TradingView