Over a hundred healthcare facilities in Romania have fallen victim to a ransomware attack, causing disruptions in medical services and forcing some doctors to resort to traditional pen and paper methods.

Children’s hospitals and emergency facilities were among those impacted by the attack, with some hospitals being taken offline as a precautionary measure. The cyber extortionists responsible for the attack demanded 3.5 Bitcoin, equivalent to over £130,000, to decrypt vital files that had been encrypted during the breach.

Fortunately, Romanian cyber officials reported that recent data backups had been conducted, mitigating the impact of the attack. The Ministry of Health confirmed that the incident primarily targeted a widely used medical information system and unfolded overnight on Monday.

According to the National Cyber Security Directorate (DNSC), 25 hospitals, including the Pitesti Paediatric Hospital, were directly affected by the ransomware attack. Additionally, 79 other healthcare facilities were temporarily taken offline as investigations were conducted to assess potential vulnerabilities.

While the type of malware used in the attack has been identified, the identity of the cybercriminal group responsible remains unknown. The ransom demand only included an email address, leaving authorities with limited leads.

Although most hospitals have recent backups of their data, the precautionary shutdown of internet-connected devices may still impact patient care. Services such as booking appointments and accessing medical records could be disrupted, along with essential medical equipment like MRI scanners.

This incident bears similarities to a ransomware attack that occurred in the UK in 2017, which affected 80 out of 236 hospital trusts across England. Nearly 7,000 appointments had to be cancelled or rescheduled as a result. In response to that attack, the NHS acknowledged the need for improvements and implemented several changes to enhance cybersecurity measures.