Ransomware attack forces 18 Romanian hospitals to go offline


At least 18 hospitals in Romania were knocked offline after a ransomware attack took down their healthcare management system.

The Hipocrate Information System (HIS) used by hospitals to manage medical activity and patient data was targeted over the weekend and is now offline after its database was encrypted.

"During the night of 11-12 February 2024, a massive ransomware cyber-attack targeted the production servers running the HIS information system. As a result of the attack, the system is down, files and databases are encrypted," the Romanian Ministry of Health said.

"The incident is under investigation by IT specialists, including cybersecurity experts from the National Cyber Security Directorate (DNSC), and the possibilities for recovery are being assessed.

"Exceptional precautionary measures have also been activated for the other hospitals not affected by the attack."

The ransomware attack affected various hospitals across Romania, including regional and cancer treatment centers, and a team of DNSC cybersecurity experts is currently investigating the cyber incident.

DNSC advised against reaching out to affected hospitals' IT teams "so they can focus on restoring IT services and data."

The list of impacted hospitals shared by the Ministry of Health by the time this article was published includes:

  • Emergency Hospital of Plastic, Reconstructive and Burn Surgery Bucharest

  • Azuga Orthopaedics and Traumatology Hospital

  • Emergency County Hospital "Dr. Constantin Opris" Baia Mare

  • "Sf. Apostol Andrei" Emergency County Clinical Hospital Constanta

  • Oncological Institute "Prof. Dr. Dr. Al. Trestioreanu" Institute Bucharest (IOB)

  • Military Emergency Hospital "Dr. Alexandru Gafencu" Constanta

  • Sighetu Marmației Municipal Hospital

  • Targoviste Emergency County Hospital

  • C.F. Clinical Hospital no. 2 Bucharest

  • Fundeni Clinical Institute

  • Iasi Regional Institute of Oncology (IRO Iasi)

  • Buzău County Emergency Hospital

  • Slobozia County Emergency Hospital

  • Institute of Cardiovascular Diseases Timișoara

  • Hospital for Chronic Diseases Sf. Luca

  • Colțea Clinical Hospital

  • Medgidia Municipal Hospital

  • Pitesti County Emergency Hospital

At the moment, there is no information on what ransomware operation encrypted the hospitals' medical services management platform or if the patients' personal or medical data was also stolen during the incident.

RSC, the software service provider behind the Hipocrate healthcare system, has yet to issue a public statement regarding this incident.

A RSC spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today via email and over the phone.