Tuesday, 23 June 2026
Rīga TV

World and Latvian news in one place

WorldPublished: 23 June 2026 at 06:21

How 100 Romanian hospitals switched to pen and paper to defeat a national cyber-attack

In February 2024, Romania faced one of the worst cyber-attacks on healthcare, forcing over 100 hospitals to disconnect from the internet and revert to paper records. The attack was contained with no reported deaths or serious harm to patients.

Foto: BBC World

In February 2024, a severe cyber-attack struck Romania's healthcare system, affecting more than 100 hospitals. The attackers breached Bucharest-based software firm RSC, infiltrating the widely used medical system Hippocrates, which manages everything from patient admissions to lab tests and pharmacy logistics. The ransomware, called BackMyData, encrypted files and demanded a ransom of €160,000 in bitcoin.

Staff at Pitești children's hospital first noticed errors on Sunday morning, and by Monday, many hospitals reported that Hippocrates was down. Dan Cimpean, head of Romania's Cyber-Security Directorate (DNSC), made the difficult decision to order all affected hospitals to disconnect from the internet immediately. This stopped the spread of the malware and bought time to assess the damage.

Medical personnel had to switch to pen and paper, improvising workarounds to protect patients. Surgeon Oana Goidescu from Buzău Hospital described the experience as unpleasant, as all digital patient records were lost. Some doctors noted that the transition to analogue processes was easier because Romania had only recently digitized its systems.

Cyber-investigators worked through the night and found that 26 hospitals had been infected. Uninfected hospitals were brought back online the next day with added protections. Public messaging urged patients to avoid hospitals unless necessary. The national decision was not to pay the ransom. IT teams restored systems from backups, and within five days, most hospitals were back to normal operations. No deaths or serious harm were reported, though some data was lost forever.

The DNSC credited the success to regular data backups and effective media communication. This incident has become a case study for disaster planners worldwide. Police are still investigating, but in 2023, a ransomware gang linked to BackMyData had its website taken down, and four Russians were arrested outside Russia. The FBI has stated that healthcare is now the most targeted critical infrastructure sector globally.

Comments

0/1500

Comments are automatically moderated. No hate, threats, personal data or spam.

Loading comments…

More in this category

World

Latin Patriarch of Jerusalem Pizzaballa makes solidarity visit to Gaza

Cardinal Pizzaballa, the Latin Patriarch of Jerusalem, visited Gaza to show solidarity with the Christian community there.

Al Jazeera · 12 min ago

World

Starmer resigns as UK PM; Burnham tipped as successor

Keir Starmer has announced his resignation as British Prime Minister and Labour leader, with Andy Burnham emerging as the likely successor. In Germany, a long-awaited pension report was presented, while the Bundeswehr's Lithuania brigade conducted its first real-life exercise.

Politico Europe · 12 min ago

World

Europe gripped by deadly heatwave; UK issues rare red warnings, France holds crisis meeting after deaths

The UK has issued rare red heat warnings as temperatures are set to break June records, while France reports at least 18 deaths and holds a crisis meeting.

The Guardian World · 13 min ago