100 Romanian Hospitals Cut Internet for 4 Days to Stop BackMyData Ransomware
Updated
Updated · BBC.com · Jun 22
100 Romanian Hospitals Cut Internet for 4 Days to Stop BackMyData Ransomware
3 articles · Updated · BBC.com · Jun 22
Summary
More than 100 Romanian hospitals were ordered offline in February 2024 after attackers breached software firm RSC and spread BackMyData ransomware through the widely used Hippocrates medical system.
Twenty-six hospitals were confirmed infected, forcing staff to abandon connected records, email and web access and run admissions, lab results and treatment workflows on paper, Excel and other offline tools.
A €160,000 bitcoin ransom was demanded, but authorities told hospitals not to contact the hackers or pay; investigators instead relied on backups and restored uninfected sites with added protections.
Within five days, most hospitals were back near normal with no reported deaths or serious patient harm, though some data was permanently lost and paper records took weeks to re-enter.
The episode is now cited as an international test case for hospital cyber response as healthcare systems face rising ransomware pressure after major attacks in Britain and the United States.
With recovery costs dwarfing ransom demands, what is the true multi-million dollar price of a healthcare cyberattack?
As cyberattacks increase patient mortality, is reverting to paper a viable defense or a symptom of systemic failure?
When one software flaw cripples 100 hospitals, who is truly accountable for the fallout: the hospital or the vendor?
Anatomy and Aftermath of the 2024 BackMyData Ransomware Attack: How a Single Vulnerability Disrupted 100 Romanian Hospitals
Overview
In February 2024, the BackMyData ransomware attack disrupted around 100 hospitals and medical facilities across Romania. The attack began with a critical vulnerability in the Hipocrate Information System (HIS), an integrated healthcare platform widely used and sold by Romanian Soft Company. This single point of failure enabled the ransomware to spread rapidly, starting with Pitesi Pediatric Hospital and quickly affecting others. The incident highlights how a supply chain compromise in a central system can lead to widespread disruption, emphasizing the urgent need for stronger cybersecurity in healthcare technology.