Romania was plunged into a digital health crisis in February 2024 when a devastating cyber-attack compromised computer systems across more than 100 hospitals. The attack, which lasted four days, saw hackers breach a widely used medical software system, known as Hippocrates, and spread ransomware to hospital networks, threatening patient safety and continuity of care.
The malware, identified as BackMyData, was designed to encrypt files and demand a £138,000 ransom in Bitcoin. However, rather than succumbing to the hackers' demands, Romanian authorities took a firm stance and refused to engage with them or pay the ransom. This decision, coupled with swift action by cyber-experts and hospital staff, has been widely praised internationally.
Medical professionals across Romania were forced to improvise when digital records became inaccessible. Staff at Buzău Hospital, for example, had to resort to writing patient data on paper, while colleagues at Carol Davila Hospital in Bucharest developed offline methods using Excel and other tools. Lab results were delivered physically to the hospital, demonstrating remarkable adaptability under pressure.
A total of 26 hospitals were found to have been infected with BackMyData, according to an investigation led by the Romanian national cyber-security centre (DNSC) and conducted in collaboration with the developers of the Hippocrates software. Uninfected hospitals were brought back online with enhanced security protocols, while efforts continued to cleanse the compromised systems.
As news of the attack spread, disaster planners around the world took note of Romania's swift response as a crucial test case for effective responses to mass hospital cyber-attacks. This comes as no surprise given the FBI's recent assertion that healthcare is the most targeted area of critical national infrastructure.