The recent ransomware attack on at least 20 hospitals in Romania has caused a widespread disruption to their digital systems, leading to the suspension of emergency services in the affected facilities. According to the Romanian National Cyber Security Directorate (DNSC), the attack targeted the third-party healthcare management system used by the hospitals, causing the systems to be knocked offline.
The attack specifically targeted the Hippocrates Information System, which is vital for automating the activities related to the diagnosis and treatment of patients in hospitals. This disruption has had a direct impact on the hospitals’ ability to provide critical care and emergency services to patients in need.
Coinciding with the attack in Romania, a hospital in France also fell victim to a similar ransomware attack, although there is no established link between the two incidents. The Centre Hospitalier d’Armentières, which serves around 200,000 residents, was affected by the attack, resulting in the hospital’s printers printing ransom messages in the early hours of the morning.
As a result of the attack, the hospital management took immediate action by disconnecting all PCs from the main network and suspending all emergency services, including emergency rooms, consultations, and non-urgent surgeries, for a period of 24 hours. This decision was made in order to contain the impact of the ransomware and prevent further damage to the hospital’s digital infrastructure.
The severity of ransomware attacks on hospitals has been highlighted by a recent study published by public health researchers, which revealed that such attacks can increase the in-hospital mortality rate for patients already admitted to the hospitals. Additionally, it takes hospitals an extended period of two to three weeks to recover to a pre-attack level of patient admissions, further underscoring the disruptive impact of ransomware on healthcare facilities.
The implications of these attacks on hospitals in both Romania and France are significant, as they not only jeopardize patient care and safety but also highlight the vulnerabilities of digital systems in critical infrastructure. The need for enhanced cybersecurity measures and robust incident response protocols in healthcare organizations has become increasingly apparent in the face of such malicious cyber threats.
As the affected hospitals work to restore their digital systems and resume normal operations, the broader healthcare industry must confront the urgent need to fortify its cybersecurity defenses and mitigate the risk of future ransomware attacks. The disruption caused by these incidents serves as a stark reminder of the potential consequences of failing to adequately safeguard digital infrastructure in healthcare settings.