100 Hospitals Offline in Romania After Ransomware Attack Targets Healthcare Management System

ICARO Media Group
News
13/02/2024 20h31

In a devastating cyber attack on Romania's healthcare management system, 100 hospitals across the country have been forced to shut down their systems as a precautionary measure. The Hipocrate Information System (HIS), widely used by hospitals to manage medical activity and patient data, fell victim to a ransomware attack over the weekend.

According to the Romanian Ministry of Health, the attackers targeted the production servers running the HIS information system during the night of February 11-12, resulting in the encryption of files and databases. As of now, 25 hospitals have confirmed that their data has been encrypted, while an additional 75 medical facilities using HIS have taken their systems offline as a precaution.

IT specialists, including cybersecurity experts from the National Cyber Security Directorate (DNSC), are currently investigating the incident and assessing the possibilities for data recovery. The DNSC has revealed that the attackers employed the Backmydata ransomware variant from the Phobos family to encrypt the hospitals' data.

Although most of the affected hospitals have recent backups of their data, one hospital reported that its data was last saved 12 days ago. Since the systems were shut down, doctors have been forced to resort to handwritten prescriptions and paper records.

Mirela Grosu, the manager of the Regional Institute of Oncology Iasi (IRO Iasi), expressed the challenges faced by medical staff. "After 400 computers and servers were shut down, we worked mostly on paper," said Grosu. "Continuous admission records, day admission records, and medical test recommendations are all being done on paper, just as we did years ago."

To further safeguard the hospitals, all servers have been shut down and the internet has been disconnected to prevent any data loss or leakage, according to systems engineer Florin Trandabăţ.

The attack has affected various hospitals across Romania, including regional and cancer treatment centers. The DNSC is spearheading the investigation into the attack's impact on these facilities. Although there is no evidence of data theft thus far, the extent to which patients' personal or medical data may have been compromised remains unknown.

Romanian Soft Company SRL (RSC), the software service provider responsible for the Hipocrate healthcare system, has yet to issue a public statement regarding this incident.

Updates:

As of February 12, DNSC confirmed that the attackers used Backmydata ransomware and that the hospitals had recent backups of their data.

On February 13, DNSC reported that four more hospitals had fallen victim to data encryption, bringing the total to 25, but there is currently no evidence of data theft.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.
