In a devastating cyberattack, more than a hundred healthcare facilities in Romania have fallen victim to a ransomware attack, disrupting critical operations and compromising patient care, local media reports reveal.
The attackwhich targeted a widely used medical information system, unfolded overnight on Monday, leaving doctors and staff scrambling to resort to pencil and paper as computer systems became inaccessible.
Romanian cyber officials responded quickly and reported that recent data backups have significantly reduced the impact of the attack. The Ministry of Health, in cooperation with IT specialists and cybersecurity experts from the National Cyber Security Directorate (DNSC), is actively investigating the incident to identify the perpetrators.
Ransomware attack forces hospitals offline
According to the DNSC, the initial target of the attack was the Pitesti pediatric hospital and subsequently 25 other hospitals were affected. Affected hospitals include children's and emergency facilities, and other medical centers opted to go offline as a precaution.
While investigations continue, 79 other healthcare facilities have taken their systems offline to determine if they have been compromised.
The cyber extortionists behind the attack have demanded a hefty ransom of 3.5 bitcoinequivalent to over £130,000, to unlock vital files they have maliciously encrypted.
As of today, the market cap of cryptocurrencies reached $1.86 trillion. Chart: TradingView.com
While hospitals with recent data backups are expected to recover relatively quickly, the repercussions for patients are likely to be profound. Many hospitals have had to disconnect internet-connected devices as a precaution, which could affect not only bookings and record-keeping, but also essential medical equipment such as MRI scanners.
This ransomware attack is reminiscent of a similar incident that occurred in the United Kingdom in 2017. During that attack, 80 of 236 hospitals across England were disrupted, resulting in nearly 7,000 appointments being canceled or rescheduled. The NHS recognized the need for improvement and implemented several changes in response.
Image: Freepik
Frequency of ransomware attacks
Ransomware attacks demanding payments in bitcoin are not uncommon. In September, the National Cyber Security Center (NCSC) and the UK's National Crime Agency (NCA) published a report highlighting the increasing frequency of ransomware attacks.
In May 2017, the NHS faced a massive ransomware threat known as the infamous “WannaCry” attack, which caused widespread disruption to hospitals across the country.
While the type of malware used in the Romanian attack has been identified, the group responsible remains unidentified. The ransom demand includes only an email address, leaving authorities with limited leads to pursue.
It is worth noting that a 2023 report by Immunefi revealed that the top ten ransom payments globally amounted to almost $70 million in bitcoin. The report also indicated that Russian hacker collectives were primarily responsible for deploying such malware. However, so far, no entity has taken credit for the ransomware attack on Romanian hospitals.
The incident serves as a stark reminder of the ever-present threat posed by cybercriminals and the critical need for robust cybersecurity measures to safeguard sensitive information and vital infrastructure.
Featured image from iStock, chart from TradingView
