Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Romania’s Hospital Cyberattack Highlights Growing Ransomware Threats to Healthcare Systems

Romania’s Hospital Cyberattack Highlights Growing Ransomware Threats to Healthcare Systems and the importance of cyber resilience.

 

A large-scale ransomware attack that took place in the healthcare system of Romania in February 2024 makes for textbook material on how to respond to such incidents, as well as the challenges they present. The ransomware attack scenario started when criminals got hold of a hospital management system called Hippocrates and, using it as a vector, distributed BackMyData ransomware to encrypt data. 

One of the software’s main functions is processing and storing information on laboratory results, pharmacy claims, payroll, admission and discharge of patients, doctors, and other medical staff. After being locked, the hospitals had to pay nearly 160 thousand euros to decrypt the data, which is in Bitcoin. When some hospitals reported the ransomware attack, the National Computer Security Center (DNSC) took an extraordinary measure to order over a hundred facilities to disconnect from the internet to prevent the virus from spreading to other institutions. 

Consequently, the hospitals’ systems became unable to provide access to email, the Internet, and interconnected medical devices. To manage patients and keep the critical functions running, doctors and nurses used paper-based solutions to write down and manually input lab results, physician orders, and treatment plans. In parallel, hospital staff worked on taking down the ransomware and securing the system. 

Authorities eventually found out that the ransomware infection was confirmed in 26 hospitals, where the ransomware attack response team with the help of the system supplier isolated the contaminated systems from the network. After decrypting files and securing the system, the technicians returned the hospitals to the network and ensured there were no other problems. 

Throughout the ransomware incident, authorities provided the public with updates on the ransomware situation, telling the people to avoid visiting the facilities if possible and advising the hospitals not to give in to the attackers’ demands. Nevertheless, the response to the challenge was far from perfect, as Romania continues to face challenges with cybercrime. The patients complained about the inconvenience of standing in queues and having their tests processed manually, but the government did not go through with paying off the ransom. 

At the same time, it is worth noting that having up-to-date data backups allowed the hospitals to quickly restore their vital functions without having to wait for decrypting tools from hackers. Five days after the ransomware attack, most of the affected facilities had already returned to normal operations. At the same time, there were no reports of patient deaths or damage to health caused by the ransomware attack. Still, doctors and nurses had to manually enter a lot of the patient’s personal data, which took them several more weeks to finish, while some of the relevant information was lost altogether. 

So far, the ones behind the ransomware attack have not been revealed. Still, it has been reported that some of the suspects’ resources in Russia have been shut down by the police, while others are currently detained abroad. It is not yet known whether they will be brought to justice in Romania. The ransomware attack on the healthcare system of Romania serves as a reminder of how fragile our systems are and the importance of protecting them. 

In many ways, hospitals are a critical infrastructure component, meaning that potential attackers will always attempt to take advantage of them by holding vital functions hostage until they get a hefty ransom. Even though the ransomware response team handled the situation in Romania efficiently, the ransomware incidents in the UK and the US show that problems of that sort are far from being exclusive to Romania.
Share it:

Anonymous Romania

Cyber Attacks

cyber resilience

CyberSecurity Ransomware Attacks

Healthcare

Healthcare Cyberattacks

Healthcare cybersecurity