Ransomware Attack Disrupts Services in 18 Hospitals!

Romanian authorities have reported a devastating ransomware attack on multiple medical facilities using the Hipocrate Information System (HIS) healthcare management system. The system became non-functional, making hospital staff unable to access files/databases and forcing patients to wait in emergency rooms. For your information, hospitals use this system to manage medical activities and patient data.

The Romanian Ministry of Health confirmed that the system is down at the impacted hospitals and that their file/databases are encrypted. The ministry advises hospitals to focus on restoring IT services and data and urges users to not reach out to IT staff to help them focus on restoration job. Hospitals are working with the National Cybersecurity Center to identify and address the issues, Health Minister Alexandru Rafila stated.

Rafila initially claimed that 15-20 hospitals in Romania and Bucharest could be facing operational difficulties due to the attack, which took place on production servers running HIS IT system. It started on the night of 11-12 February. As per the latest update, at least 18 medical facilities have been affected in this attack. Some hospitals’ websites, including Fundeni Clinical Institute or Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta are unreachable.

Romania’s National Cyber Security Directorate (NCSD) has dispatched specialists to investigate the incident. The identity of the attacker and the theft of patients’ data remain unclear.

“We don’t have the information, but we are working together with the National Cybersecurity Center to elucidate the causes and remedy them,” the minister said.

The list of the eighteen impacted hospitals shared by Romanian-Insider includes the following:

  • Buzău County Emergency Hospital
  • Slobozia County Emergency Hospital
  • Timișoara Institute of Cardiovascular Diseases
  • St. Luca Chronic Diseases Hospital
  • Colțea Clinical Hospital
  • Medgidia Municipal Hospital
  • Targoviste County Emergency Hospital
  • Sighetu Marmației Municipal Hospital
  • Pitești County Emergency Hospital
  • Regional Oncology Institute Iași (IRO Iași)
  • Fundeni Clinical Institute
  • “Sf. Apostol Andrei” County Clinical Emergency Hospital, Constanța
  • Azuga Orthopedics and Traumatology Hospital “Dr. Constantin Opris”
  • “Dr. Alexandru Gafencu” Military Emergency Hospital, Constanța
  • C.F. Clinic Hospital No. 2, Bucharest
  • Prof. Dr. Al. Trestioreanu Oncology Institute, Bucharest (IOB)
  • Baia Mare Emergency Hospital
  • The Emergency Clinical Hospital for Plastic Surgery, Reconstructive Surgery and Burns, Bucharest

Hospitals and medical facilities’ IT infrastructure are vulnerable targets for hackers. It was observed that threat actors generally exploit five pressure points: shutdown of medical appliances, loss of patient medical history, public backlash, and potential federal and criminal investigations.

In September 2020, German hospital named University Hospital Düsseldorf (UKD) suffer a reported ransomware attack which led to the death of a patient. In August 2023, cybersecurity researcher Jeremiah Fowler discovered a massive data leak at Cigna Health, a major health insurance company. The database, containing over 17 billion records, mainly contained healthcare provider information and negotiated medical procedure rates.

Then in November 2023, SafetyDetectives cybersecurity researchers reported a data breach involving over 2 million Turkish citizens’ vaccination data from 2015 to 2023. The data was likely extracted using an information disclosure vulnerability.

In January 2024, the ALPHV ransomware gang’s targeted attack on Transformative Healthcare. Attackers stole a terabyte of data, including medical and paramedic reports, exposing data of nearly 1 million people, including 20,486 Maine residents. The attacker accessed a server containing patient information, which Transformative claimed was stored to comply with legal obligations.

These incidents indicate how vulnerable hospitals’ data management systems could be. To protect patient data, hospitals should consider implementing better security controls. Hackers can make quick cash from selling Personal Health Information (PHI), which is worth more than PII.