Executive Summary
A ransomware attack recently targeted the Hippocrates Information System, causing significant operational disruptions in over 20 hospitals across Romania. This incident forced healthcare facilities to revert to manual systems, severely impacting emergency services and the overall efficiency of patient care.
The Romanian National Cyber Security Directorate (DNSC) has confirmed the widespread effect of the attack, prompting an immediate investigation and recovery efforts. With a ransom demand of 3.5 BTC (approximately €157,000), the situation underscores the critical vulnerabilities within healthcare IT systems and the pressing need for robust cybersecurity measures.
These attacks not only highlight the financial and reputational risks associated with cyber threats but also raise concerns over patient safety and the healthcare sector’s preparedness to combat such incidents.
What Happened
A ransomware attack on a third-party healthcare management system caused significant disruptions in at least 20 hospitals in Romania. The attackers targeted the Hippocrates Information System, a crucial platform that hospitals use to manage patient diagnosis and treatment activities.
This cyberattack occurred over a single weekend, encrypting the system’s database and rendering it offline, forcing hospitals to revert to manual operations.
Impact
The cyberattack on hospitals in Romania has had a significant impact on healthcare services in the affected areas. As a result, emergency services, including emergency rooms and non-urgent surgery operating theaters, were suspended for 24 hours. Furthermore, the transition to paper-based systems for prescriptions and medical records has had a significant negative impact on the efficiency of patient care and hospital operations.
The Romanian National Cyber Security Directorate (DNSC) confirmed that 21 hospitals were directly impacted by the attack, and an additional 79 hospitals took their systems offline as a precautionary measure. This incident underscores the vulnerability of healthcare institutions to cyber threats and highlights the critical need for enhanced cybersecurity measures.
Response
In response to the data breach in Romania hospitals, IT specialists, including cybersecurity experts from the DNSC, are investigating the incident and assessing recovery options.
The DNSC has activated exceptional precautionary measures for other hospitals not affected by the attack to prevent further incidents. Also, they have advised against contacting the IT teams of affected hospitals to allow them to concentrate on restoring IT services and data.
Additionally, the DNSC revealed that the attackers demanded a ransom of 3.5 BTC (approximately €157,000). Fortunately, most of the affected hospitals had recent backups of their data, which could help mitigate the effects of the data loss. Accordingly, this situation highlights the importance of robust cybersecurity defenses and regular data backups to protect against ransomware attacks and other cyber threats.
Cyberattacks Targeting Healthcare
This ransomware attack affecting numerous hospitals in Romania comes shortly after a significant data breach in France involving health insurance service providers. Although there is currently no confirmed data disclosure resulting from the disruptive ransomware attack in Romania, it is not unlikely.
Unfortunately, healthcare organizations worldwide are often targeted by cybercrime groups, some of which lead to significant disruptions in health services.
In July 2023, the European Union Agency for Cybersecurity (ENISA) published a report for the health sector in Europe. This threat landscape report aims to provide new insights into the reality of the health sector. The report is based on the cyber incidents from January 2021 to March 2023. It highlights the following key points:
- Ransomware Dominance: Ransomware is the primary threat, constituting 54% of incidents, and significantly impacts health organizations through data breaches.
- Targeted Entities: Hospitals are major targets, accounting for 42% of incidents, followed by health authorities and the pharmaceutical industry.
- Data Leakage: Data leaks occurred due to malicious insiders or, more commonly, accidental exposures. These leaks resulted from poor security practices and misconfigurations.
- Supply Chain Vulnerabilities: Attacks on healthcare supply chains and service providers underscore the importance of securing the healthcare ecosystem.
- Rise in DDoS Attacks: An increase in DDoS attacks, mainly by pro-Russian groups, though with relatively low impact.
- Financial and Reputational Impact: Security incidents can lead to significant financial losses, estimated at a median of €300,000, and reputational damage.
- Patient Safety Concerns: Patient safety emerges as a major concern. This includes the potential for delays in treatment and risks to patient well-being from sensitive information exposure or extortion.
- Preparedness Gap: Many organizations do not have dedicated ransomware defense programs and security awareness programs for non-IT staff. This highlights the urgent need for improved cyber hygiene practices. Recommendations include:
- Creating offline encrypted backups of mission-critical data,
- Providing security awareness training for all staff,
- Conducting regular vulnerability scans,
- Improving authentication practices,
- Ensuring basic cyber incident response plans are in place and maintained