More than 100 hospitals across Romania were forced to disconnect from the internet and switch to manual operations after a large-scale cyberattack targeted the country’s healthcare system in February 2024.
The attack spread through Hippocrates, a widely used hospital management platform that supports admissions, laboratory requests, pharmacy logistics, payroll functions, and patient records. Cybercriminals deployed a ransomware strain known as BackMyData, encrypting files and demanding a bitcoin ransom.
As the attack rapidly expanded, Romania’s National Cyber Security Directorate (DNSC) ordered hospitals to immediately disconnect from the internet to prevent further infections. The decision halted the spread of the malware but also forced healthcare facilities to operate without connected systems, email services, or web-based applications.
Medical staff across the country quickly adopted manual processes to maintain patient care. Hospitals relied on paper records, offline spreadsheets, and printed laboratory results while IT teams worked to assess the damage and restore affected systems.
Healthcare professionals reported significant operational challenges as access to patient records, test requests, medicines, and medical supplies was disrupted. Despite the difficulties, hospitals developed temporary workflows to ensure treatment and essential services continued without interruption.
Cyber investigators later confirmed that 26 hospitals had been infected by the ransomware. Authorities worked alongside the software provider to identify compromised systems, remove the threat, and strengthen security measures before bringing unaffected hospitals back online.
Public communication played a critical role during the crisis. Authorities urged patients to avoid hospitals unless absolutely necessary and advised healthcare institutions not to contact the attackers or pay the ransom. The cybercriminals had demanded €160,000 in bitcoin, but Romanian authorities decided against making any payment.
A key factor in the recovery effort was the availability of recent data backups. These allowed hospitals to restore systems more quickly and resume operations. Within 5 days, most hospitals had returned to near-normal functioning, with no reported deaths or serious patient harm linked to the incident.
The cyberattack has since become an international case study in healthcare cyber resilience, highlighting the importance of backup systems, coordinated crisis response, and effective communication during large-scale digital disruptions.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.