Patients In Peril: Bitcoin Ransomware Cripples Hospitals Across Romania

In a devastating cyber attack, over a hundred healthcare facilities in Romania have fallen victim to a ransomware assault, disrupting critical operations and compromising patient care, reports from local media disclose.

The attack, which targeted a widely used medical information system, unfolded overnight on Monday, leaving doctors and staff scrambling to resort to pen and paper as computer systems were rendered inaccessible.

Romanian cyber officials have responded swiftly, reporting that recent data backups have significantly reduced the impact of the attack. The Ministry of Health, in cooperation with IT specialists and cyber security experts from the National Cyber Security Directorate (DNSC), is actively investigating the incident to identify the perpetrators.

Ransomware Attack Forces Hospitals To Go Offline

According to the DNSC, the initial target of the attack was the Pitesti Paediatric Hospital, and subsequently, 25 other hospitals were affected. The affected hospitals include children’s and emergency facilities, with additional medical centers opting to go offline as a precautionary measure.

As investigations continue, an additional 79 healthcare facilities have taken their systems offline to ascertain whether they have been compromised.

The cyber extortionists behind the attack have demanded a hefty ransom of 3.5 Bitcoin, equivalent to over £130,000, to unlock the vital files they have maliciously encrypted.

While the hospitals with recent data backups are expected to recover relatively quickly, the repercussions for patients are likely to be profound. Numerous hospitals have had to disconnect internet-connected devices as a precaution, potentially affecting not only booking and record-keeping but also essential medical equipment like MRI scanners.

This ransomware attack brings to mind a similar incident that occurred in the United Kingdom in 2017. During that attack, 80 out of 236 hospital trusts across England were disrupted, leading to the cancellation or rescheduling of nearly 7,000 appointments. The NHS acknowledged the need for improvement and implemented various changes in response.

Frequency Of Ransomware Attacks

Ransomware attacks demanding payments in Bitcoin are not uncommon. In September, the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) published a report highlighting the increasing frequency of ransomware attacks.

In May 2017, the NHS faced a massive ransomware threat known as the infamous “WannaCry” attack, which caused widespread disruptions to hospitals nationwide.

While the malware type used in the Romanian attack has been identified, the responsible group remains unidentified. The ransom demand includes only an email address, leaving the authorities with limited leads to pursue.

It is worth noting that a 2023 report by Immunefi revealed that the top ten ransom payments globally amounted to nearly $70 million in Bitcoin. The report also indicated that Russian hacking collectives were predominantly responsible for deploying such malware. However, as of now, no entity has claimed credit for the ransomware attack on the Romanian hospitals.

The incident serves as a stark reminder of the ever-present threat posed by cybercriminals and the critical need for robust cybersecurity measures to safeguard sensitive information and vital infrastructure.

Featured image from iStock, chart from TradingView