Key facts
- Over 100 Romanian hospitals disconnected from the internet to combat a national cyber-attack in February 2024.
- The attack spread through a medical system called Hippocrates, infecting hospitals with BackMyData ransomware.
- Medical staff reverted to using pen and paper for patient records and care.
- The national cyber-security centre coordinated the response, urging hospitals not to pay the ransom.
- Most hospitals were restored within five days, though some data was lost.
- The incident is considered one of the worst cyber-attacks on healthcare systems globally.
A widespread cyber-attack in February 2024 forced over 100 Romanian hospitals to disconnect from the internet, reverting to pen-and-paper methods to protect patient care. The attack, which spread through a popular medical software system called Hippocrates, infected networks with the BackMyData ransomware strain, scrambling files and demanding a ransom in bitcoin.
Cyber-security officials at Romania's national cyber-security centre (DNSC) made the difficult decision to order the internet disconnection, halting the hackers' progress and buying time to assess the damage and develop a response. Medical staff, including surgeon Oana Goidescu, described the challenges of managing patient records, lab tests, and medication without digital systems, relying on offline workarounds and paper documentation.
Investigators identified 26 hospitals as being infected. While uninfected hospitals were brought back online with enhanced security, those affected worked to restore systems from backups. The DNSC also utilized media communication to inform the public and patients, urging them to avoid hospitals unless necessary and advising against contacting or paying the hackers, who had demanded €160,000 in bitcoin. The decision not to pay the ransom was a national one.
Within five days, most hospitals had restored their systems, though some data was permanently lost. The incident has become a case study for disaster planners internationally, highlighting the increasing vulnerability of healthcare systems to cyber-attacks. The FBI has noted healthcare as the most targeted sector of critical national infrastructure. Police are investigating the attack, with previous ransomware gangs linked to BackMyData having faced international action.