Ransomware paralyzes over 100 hospitals in Romania
Impact of the cyberattack on the national healthcare system and actions taken
A ransomware attack hit the Hipocrate platform in Romania, paralyzing over 100 hospitals. The criminals demanded a ransom of 3.5 BTC (~$100,000). Authorities recommend not paying and isolating infected systems.
Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.
A serious ransomware attack hit the Hipocrate platform, essential for managing the IT infrastructure of several healthcare facilities in Romania, leaving over 100 hospitals without service. It should be noted that the cyberattack occurred on the night of February 11, with production servers being compromised, leading to the encryption of files and databases, consequently making them inaccessible to the affected healthcare facilities. Originally, 21 hospitals were directly affected by the attack, a figure which increased to 25 following further verification, while a further 79 voluntarily disconnected their systems as a precautionary measure during the ongoing investigation.
National Directorate for IT Security confirms redemption in BTC
An official bulletin dated February 13, released by Romania's National Directorate for Cyber Security (DNSC), confirmed the absence of evidence of data theft. Despite this, the involvement of 4 other hospitals emerged. The communication, translated with Google, also revealed that the attackers were asked for a ransom of 3.5 BTC, equivalent to approximately 100,000 US dollars. The identity of the attackers still remains unknown.
DNSC recommendations to affected facilities
The DNSC, together with other cybersecurity authorities involved in the analysis of the case, urges hospitals not to contact the cyber-criminals or satisfy their ransom demands. The Directorate also recommends that facilities using the Hipocrate technology platform isolate any compromised systems from the rest of the network and the Internet, but not shut them down in order to preserve evidence in volatile memory.
Post-attack recovery procedure
It is advisable to proceed with the restoration of compromised IT systems only after a thorough remediation of the entire system, using backups of pre-existing data. Before reactivating them, it is essential that all applications and operating systems are updated with the latest security patches, to avoid further vulnerabilities and risks of reinfection.Follow us on WhatsApp for more pills like this