20+ hospitals in Romania hit hard by ransomware attack on IT service provider

3 months ago AndyC

Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence medical staff have been forced to use pen-and-paper rather than computer systems.

20+ hospitals in Romania hit hard by ransomware attack on IT service provider

20+ hospitals in Romania hit hard by ransomware attack on IT service provider

Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence medical staff have been forced to use pen-and-paper rather than computer systems.

Romania’s National Cybersecurity Directorate (DNSC) said in a statement that the attackers encrypted hospital data using the Backmydata ransomware – a variant of Phobos.

The DNSC advises not to contact the IT teams at affected hospitals “so they can focus on restoring IT services and data! This is the priority at the moment.”

Sign up to our free newsletter.
Security news, advice, and tips.

The affected hospitals all used the Hipocrate IT platform, developed by Romanian software company RSC to manage patients’ data and track their progress from initial admission to discharge.

Affected hospitals include:

  • Azuga Orthopaedics and Traumatology Hospital
  • Băicoi City Hospital
  • Buzău County Emergency Hospital
  • C.F. Clinical Hospital no. 2 Bucharest
  • Colțea Clinical Hospital
  • Emergency County Hospital “Dr. Constantin Opriș” Baia Mare
  • Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest
  • Fundeni Clinical Institute
  • Hospital for Chronic Diseases Sf. Luca
  • Institute of Cardiovascular Diseases Timișoara
  • Medgidia Municipal Hospital
  • Medical Centre MALP SRL Moinești
  • Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta
  • Oncological Institute “Prof. Dr. Al. Trestioreanu” Institute Bucharest (IOB)
  • Pitești Emergency County Hospital
  • Regional Institute of Oncology Iasi (IRO Iasi)
  • Sighetu Marmației Municipal Hospital
  • Slobozia County Emergency Hospital
  • St. Apostol Andrei Emergency County Hospital Constanta
  • Târgoviște County Emergency Hospital

The DNSC reports that 79 more hospitals using Hipocrate have disconnected from the internet in the wake of the attack. The attack was first spotted on Saturday, February 10 at the Pitești Paediatric Hospital.

According to the DNSC, most affected hospitals have backups of the data encrypted by the ransomware, which should aid recovery. But in at least one case, the most recent backup was saved 12 days ago.

Hat-tip: Thanks to reader Gheorghe for his assistance with this article.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , ,

More Stories

Hackers may have accessed thousands of accounts on California state welfare platform

Hackers may have accessed thousands of accounts on California state welfare platform

7 hours ago AndyC
Brokewell supports an extensive set of Device Takeover capabilities

Brokewell supports an extensive set of Device Takeover capabilities

13 hours ago AndyC

Friday Squid Blogging: Searching for the Colossal Squid

1 day ago AndyC
Experts warn of malware campaign targeting WP-Automatic plugin

Experts warn of malware campaign targeting WP-Automatic plugin

1 day ago AndyC
Cryptocurrencies and cybercrime: A critical intermingling

Cryptocurrencies and cybercrime: A critical intermingling

2 days ago AndyC
Kaiser Permanente data breach may have impacted 13.4 million patients

Kaiser Permanente data breach may have impacted 13.4 million patients

2 days ago AndyC

You may have missed

Hackers may have accessed thousands of accounts on California state welfare platform

Hackers may have accessed thousands of accounts on California state welfare platform

7 hours ago AndyC

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

10 hours ago AndyC
Brokewell supports an extensive set of Device Takeover capabilities

Brokewell supports an extensive set of Device Takeover capabilities

13 hours ago AndyC
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

13 hours ago AndyC
Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

19 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.