Search
Close this search box.

Romanian Healthcare System Laid Low by Attack on Shared Software Platform

The author

Cybercriminals, it is widely observed, have a fondness for weekends. This is not by chance—at weekends organizations are short-staffed, making this the best time to launch a cyberattack.

It’s a pattern that played out in a ransomware attack on the Romanian health system on Sunday, Feb. 11, that sent some of the country’s most important hospitals back to the world of pen and paper.

First reports put the number of hospitals affected at 18, which soon climbed to 21, then 25, and then 30. It quickly became apparent that this was only for starters.

The attack targeted the Hipocrate Information System (HIS), a service provider platform used by hospitals to store and manage patient data, which was encrypted. Because this is widely used across healthcare in Romania, around 75 other hospitals decided to unplug themselves from it as a precaution.

Given that no hospital IT team was sleeping easily at this news, it’s not an exaggeration to describe this incident as a Denial of Service attack on the entire Romanian health system.

Early Warning

The attack serves as a reminder of how exposed health systems remain to ransomware despite years of similar incidents.

The early warning was WannaCry in 2017, which among its many commercial victims, crippled dozens of National Health Service (NHS) Trusts in the United Kingdom. Not everyone believes the event was a simple ransomware attack but the potential for major disruption was palpable.

What happened to the Irish Health Service Executive (HSE) in 2021 was a much clearer case study. A download to a single workstation set off a Conti ransomware attack which in 2023 the Irish government reckoned had cost an estimated €144 million ($150 million) in response, recovery and upgrades costs. The eventual bill for the latter could take the bill to approaching €700 million.

According to security vendor Sophos, the frequency of ransomware attacks on healthcare doubled between 2021 and 2023. As with the latest attack on Romanian hospitals, encryption is still the main tactic against a sector that quickly struggles without data access for any period of time.

Ransom Peanuts

The most frustrating aspect of the attack is how basic it seems to have been. Full details of the incident have not been released, but press reports suggest that the ransom demanded was 3.5 bitcoins, equivalent to around €160,000 in mid-February.

By ransomware standards, this is peanuts. That could be because the attack was really a nation state attack in disguise (with ransomware it’s sometimes hard to tell) or because a small-time ransomware affiliate hit the big time and unexpectedly took down a healthcare system.

Either way, this incident looks like more bad news. If this was a commercial attack gone haywire, that suggests that even small and less sophisticated ransomware groups can now cause mayhem. Alternatively, nation states are stepping up their attacks against critical infrastructure. Neither is a good omen. We must hope that the healthcare systems of other countries have been better secured.

Sign Up For Our Newsletter

Don’t worry, we hate spam too!

Get The Latest On Ransomware Right In Your Inbox

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

Is This Your Business?
Get In Touch

Contact Us To Sponsor Your Business Listing & Learn More About The Benfits.

Before You Go!
Sign up to stay up to date with everything ransomware

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

JUST RELEASED: The 2024 State of Ransomware Survey is in.

A REVEALING REPORT FOR IT PROFESSIONALS BY IT PROFESSIONALS

Share via
Copy link
Powered by Social Snap