100 hospitals across Romania have been forced to shut down their systems due to a ransomware attack on the Hipocrate Information System (HIS), a vital tool used by medical facilities to manage patient data and medical activities.
The assault, which occurred over the weekend, encrypted the database of the HIS, rendering it inaccessible and bringing operations to a standstill in numerous hospitals. As a result, of the attack 25 hospitals had their systems encrypted, and an additional 75 facilities have been disconnected from the internet as a precautionary measure while investigators assess the extent of the breach.
Among the affected institutions are regional hospitals and specialized centers, including those dedicated to cancer treatment.
The Romanian National Cyber Security Directorate (DNSC) revealed that the hackers behind the attack are demanding a ransom of 3.5 bitcoin (~$170,000) to decrypt the data. According to Romanian authorities, the intruders utilized the Backmydata ransomware, a variant from the notorious Phobos family, to encrypt the hospitals' data. Phobos is one of the ransomware families that are distributed via hacked Remote Desktop (RDP) connections. Most of Phobos’ variants are distributed by the SmokeLoader backdoor.
Most of the affected hospitals have backups of data from the affected servers, with data saved relatively recently (1-2-3 days ago) except for one, whose data was saved 12 days ago, DNSC said.