A ransomware attack has crippled healthcare operations in at least 21 hospitals across Romania, impacting their ability to manage medical activity and patient data through the Hipocrate Information System (HIS). The attack, which occurred over the weekend, encrypted the system’s database, rendering it offline.
The Romanian Ministry of Health confirmed the cyber incident, stating that the HIS production servers were targeted, resulting in file and database encryption. An investigation led by IT specialists, including cybersecurity experts from the National Cyber Security Directorate (DNSC), is underway to assess recovery options.
As a precautionary measure, exceptional protocols have been activated for unaffected hospitals, while DNSC cybersecurity experts are investigating the attack’s scope and impact. The affected hospitals, including regional centers and cancer treatment facilities, have been forced to revert to manual record-keeping and prescription writing due to the system’s shutdown.
The DNSC has identified the ransomware variant used in the attack as Backmydata, a member of the Phobos family. While most impacted hospitals have recent data backups, one facility’s data was last saved 12 days ago. Additionally, 79 other hospitals utilizing HIS have proactively shut down their systems pending further investigation.
The software service provider, Romanian Soft Company SRL (RSC), responsible for the Hipocrate healthcare system, has yet to issue a public statement regarding the incident. DNSC continues to advise against direct communication with affected hospitals’ IT teams to prioritize restoration efforts.