The number of hospitals affected by Sunday's cyber attack is growing. The incident was confirmed at four more medical units, the National Cyber Security Directorate announced.
It is not known, for now, who are the hackers who broke the Hippocrates platform. Photo source: archive
The four hospitals where the cyber security incident was confirmed are:
- Institute of Speech-Language and ENT Functional Surgery “Prof. Dr. D. Hociotă”, Bucharest;
- Brad Pneumophthisiology Sanatorium, Hunedoara;
- Roșiori de Vede Pneumophthisiology Hospital;
- Sante Călărași Clinic (private clinic);
The Cyber Security Directorate recommends not contacting the attackers and not paying the requested ransom. It is about a redemption request in the amount of approximately 157,000 EURO.
Minister Rafila: “We need clear legislation”
The Minister of Health, Alexandru Rafila, said on Tuesday, about the cyber attack that affected hospitals in Romania, that some of the hospitals have resumed their activity, but not all. Meanwhile, Bitdefender offered an IT protection solution for all medical units in Romania, free of charge, for at least one year. “We are in the first process of informatization of the health system”, Rafila also said, stating that they will work to create clear legislation and clear rules regarding the protection of medical data.
Alexandru Rafila stated on a television station that the cyber attack blocked the data transmission activity. Immediately, several hospitals were disconnected from the Hippocrates platform so that these consequences of the attack do not spread and possible data leaks are as little as possible.
The minister stated that some of the hospitals have resumed their activity, but not all of them. “Good news, Bitdefender has offered an IT protection solution for all hospitals in Romania, – free of charge, for at least one year”, Minister Rafila announced. He mentioned that they will work with DNSC and other institutions to create clear legislation and clear rules regarding the protection of medical data. “We are in the first process of informatization of the health system, which does not only mean hospitals but also the ministry, the public health departments, and all these systems must be integrated”, the minister also pointed out.
Recommendations from cyber security experts
Hipocrate is an online platform used by dozens of hospitals in Romania and where all the medical activities carried out in the respective units are uploaded. Hospitals using the HIPOCRATE platform, regardless of whether they were affected or not, have since yesterday received a series of recommendations from the DNSC to properly manage the situation:
– Identification of affected systems and their immediate isolation from the rest of the network as well as from the Internet – Keeping a copy of the ransom message and any other communications from the attackers. This information is useful for authorities or for further analysis of the attack
– Do not turn off the affected equipment. Stopping it will remove evidence stored in volatile memory (RAM) – Collect and retain all relevant log information from affected equipment, but also from network equipment, firewall
– Examine system logs to identify the mechanism by which the IT infrastructure was compromised
– Immediately inform all employees and notify affected customers and business partners of the incident and its extent
– Restore affected systems based on data backups, after a full system cleanup has been performed. It is absolutely necessary to ensure that backups are intact, up-to-date and secure against attacks
– Ensure that all programs, applications and operating systems are updated to the latest versions and that all known vulnerabilities are patched.
After a cyber attack on the servers on which this system runs, at least 21 hospitals in Bucharest and in the country were affected on Monday, February 12. Their activity was blocked because patients could no longer be registered in the system.
