Romanian authorities have confirmed a crippling ransomware attack on the Hipocrate Information System (HIS), impacting operations at a minimum of 100 hospitals. The HIS, a comprehensive software suite managing medical and administrative tasks, fell victim to a massive cyber assault on February 11, resulting in the encryption of data on production servers.
The Romanian Ministry of Health reported, “During the night of February 11 to 12, 2024, a massive cyber ransomware attack took place on the production servers on which the HIS IT system runs. As a result of the attack, the system is down, files, and databases are encrypted.”
Initially affecting 21 hospitals, the number later surged to 25, with an additional 79 hospitals proactively shutting down systems as a precaution. The Romanian Ministry of Health, supported by cybersecurity specialists and the National Cyber Security Directorate, is actively monitoring the situation. The government has implemented extraordinary preventive measures to safeguard other hospitals from potential impacts.
The DNSC revealed that the ransomware operators utilized a variant of the Phobos ransomware family, identified as Backmydata ransomware, demanding a payment of 3.5 BTC (approximately 157,000 EURO).
“Hospitals using the HIPOCRATE platform, regardless of whether they were affected or not, have since yesterday received a series of recommendations from the DNSC to properly manage the situation,” reported the DNSC.
In response to the incident, the DNSC issued a set of recommendations for affected hospitals, emphasizing the importance of identifying and isolating affected systems promptly. Organizations are advised to preserve ransom messages, logs, and communications, while refraining from shutting down impacted equipment to retain volatile memory evidence.
The DNSC further instructs affected entities to inform employees, customers, and business partners, conduct a thorough examination of system logs, restore systems from secure backups, and ensure all software and systems are updated and patched against known vulnerabilities. As of now, the extent of potential data theft by threat actors remains uncertain.
Reference: https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html