Romania’s healthcare system faced one of its biggest cyber crises in February 2024 when a widespread ransomware attack targeted hospitals across the country, disrupting critical medical services and exposing the growing vulnerability of healthcare infrastructure to cybercriminals.
The attack began when hackers infiltrated the systems of Bucharest-based software company RSC, compromising its widely used hospital management platform, Hippocrates. As the malicious software rapidly spread to connected hospitals, officials at Romania’s National Directorate for Cyber Security (DNSC) realized immediate action was necessary to prevent a nationwide catastrophe.
Faced with limited options, DNSC Director Dan Cimpean instructed more than 100 hospitals to disconnect from the internet immediately. The drastic measure successfully halted the spread of the ransomware but also left hospitals without internet access, email services, and connected medical systems.
Medical staff were forced to abandon digital records and return to manual processes, relying on handwritten documentation and paper-based workflows while cybersecurity experts investigated the breach and IT teams worked to restore operations.
The incident has since become an important case study for disaster response planners worldwide, demonstrating how healthcare systems can continue functioning during a major cyberattack.
Surgeon Oana Goidescu, who was working at Buzău Hospital when the attack unfolded, described the challenges medical staff faced.
“It was quite an unpleasant experience, because an IT record is not just a list of patients.” She explained the extent of the disruption by adding: “For each patient, we request lab tests, radiology, medicines and supplies. All of that was gone.”
The Hippocrates platform plays a central role in hospital operations, handling patient admissions, laboratory requests, pharmacy logistics, payroll, medical records, and diagnostic results. Once compromised, hospitals across Romania experienced widespread service failures.
The ransomware used in the attack, known as BackMyData, encrypted hospital files and demanded payment in Bitcoin to restore access.
The first warning signs appeared at Pitești Children’s Hospital on the morning following the breach. By the next day, numerous hospitals reported that their Hippocrates systems had stopped functioning.
Cybersecurity specialists collaborated closely with the software provider to identify infected systems, isolate the malware, and begin recovery efforts.
Meanwhile, hospitals developed temporary offline systems to continue treating patients.
Vlad Paic from Carol Davila Hospital explained how his team adapted. “When we saw the system would not be repaired quickly, we developed an offline method so we could register every patient.” He added: “We asked the laboratory to give us results on paper. We used Excel and other offline tools to ensure care was not affected.”
Romania’s relatively recent transition to digital healthcare systems proved somewhat beneficial, as many staff members were still familiar with traditional paper-based procedures.
Investigators later confirmed that 26 hospitals had been directly infected with the BackMyData ransomware. Unaffected hospitals were gradually reconnected to the internet after additional cybersecurity protections were implemented.
Authorities also relied heavily on public communication throughout the crisis. Patients were advised to avoid hospitals unless absolutely necessary, helping reduce pressure on already strained facilities.
Despite these efforts, medical
[…]
