Romanian hospitals go offline after ransomware attack on patient system

Romania’s hospital network was forced back to paper after a ransomware attack disabled the Hipocrate Information System, the software that supports patient records and administration across the country. For four days, dozens of hospitals and more than 100 healthcare facilities were pushed into emergency manual mode, with staff writing prescriptions, keeping records by hand and working without connected devices, email or web browsers while the breach was contained.

The attack began during the night of 11-12 February 2024, after the first known encryption struck a children’s hospital in Romania on 10 February. From there, the malware spread through a shared system used widely by hospitals, turning a software failure into a national disruption. Reporting identified the ransomware as Backmydata, a Phobos-family strain, and the attackers reportedly demanded 3.5 Bitcoin to unlock the files.

Officials and security teams responded by taking systems offline fast. About 25 hospitals had data and production servers encrypted, while roughly 74 to 79 additional facilities were shut down as a precaution while investigators checked whether the intrusion had spread. That wide shutdown was costly, but it also limited the damage. By isolating affected networks, responders prevented the attackers from moving further through the system while containment work continued.

The episode exposed how dependent modern care has become on a single shared platform. When Hipocrate Information System went dark, hospital administrators lost access to routine digital tools that keep wards moving, from patient histories to prescription workflows. The fallback was basic but effective: paper charts, handwritten prescriptions and manual coordination. In a crisis that could have paralyzed care more completely, those analog procedures became the only bridge between patients and treatment.

Romanian officials also said recent backups had been made, which helped reduce the impact and made the ransom less compelling. The National Cyber Security Directorate advised against paying. The response became a stress test for healthcare resilience, showing both the fragility of a national hospital system tied to one management platform and the value of old-fashioned continuity plans. In a sector where speed can decide outcomes, Romania’s hospitals showed that paper still matters when the network fails.