How 100 Romanian hospitals switched to pen and paper to defeat a national cyber-attack
How 100 Romanian hospitals switched to pen and paper to defeat a national cyber-attack12 minutes ago Share Save Add as preferred on GoogleJoe TidyCyber Correspondent, World Service, RomaniaBBCSurgeon Oana Goidescu was...
No Meeting by June 30 — Where will Trump and Putin meet after that?
Key developments are emerging from the global stage. How 100 Romanian hospitals switched to pen and paper to defeat a national cyber-attack12 minutes ago Share Save Add as preferred on GoogleJoe TidyCyber Correspondent, World Service, RomaniaBBCSurgeon Oana Goidescu was on shift when her hospital was hit by the cyber attackOne after another the calls came in from hospitals; criminals were infecting computer networks in a mass hack that was putting countless lives at risk. At Bucharest's national cyber-security centre (DNSC) they watched helplessly as the hackers spread across Romania through a popular piece of medical software. Cyber-chief Dan Cimpean had a tough decision to make, but it was the only option they had.
The order went out to more than 100 hospitals. Disconnect from the internet, now. The cyber-attack on Romania's hospitals in February 2024 is one of the worst to target healthcare systems around the world, but these incidents are becoming increasingly common.
The Details
Healthcare is now the most targeted area of critical national infrastructure, the FBI has said recently. Cutting off 100 hospitals in Romania from the internet stopped the hackers in their tracks, buying time to work out how bad the attack was. But it meant no connected devices, emails or web browsers.
Medical staff had to switch to pen and paper, improvising workarounds to protect patients while IT teams scrambled and the national cyber response centre tried to find out how the hackers had got in - and how they could stop them. Their actions over four days from 10 February 2024, and those of the doctors and nurses, have been widely praised. How they reacted and how they coped has become a test case for disaster planners internationally, as officials look for advice on responding to a mass hospital hack.
As head of Romania's Cyber-Security Directorate Dan Cimpean (L) was in charge of co-ordinating the crisis responseSurgeon Oana Goidescu was on shift at Buzău Hospital, 120km (75 miles) north-east of Bucharest, when the alert came that attackers had breached Bucharest-based software firm RSC, burrowing into a widely used medical system called Hippocrates. "It was quite an unpleasant experience, because an IT record is not just a list of patients," she said. "For each patient, we request lab tests, radiology, medicines and supplies.
What Experts Say
All of that was gone. "Hippocrates is used by doctors, nurses and surgeons to manage everything from admissions to payroll, pharmacy logistics and test results. Quietly, the cyber-attackers had begun infecting hospitals across the country that used the system with a ransomware strain called BackMyData.
Files were being scrambled into gibberish and the demand was a ransom in bitcoin. Staff at Pitești children's hospital, north-west of Bucharest, were the first to notice errors on Sunday morning, the day after the attack had begun. By dawn on Monday, many other hospitals had reported the Hippocrates system was down.
The story has become one of the most prominent items on the global agenda.
