​The number of hospitals affected by the cyber attack that started yesterday is growing. The cyber security incident was confirmed on Tuesday in 5 more hospitals, according to the National Cyber ​​Security Administration. A ransom of 3.5 BTC (approximately €157,000) is also required.

The attackers’ message did not list the name of the group responsible for this attack, only an email address. The Office of Cybersecurity and other cybersecurity agencies involved in the analysis of this incident recommend contacting the attackers and not paying the requested ransom.

5 hospitals where a cyber security incident was confirmed on Tuesday:

• Institute of speech therapy and ENT-functional surgery “Prof. Dr. D. Hociotă”, Bucharest

• Pneumophthisia sanatorium of Breda, Hunedoara

• Rosiori de Vede pneumophysiological hospital

• Băicoi City Hospital

• Sante Călărași Clinic (private clinic)

Hospitals using the Hippocrates platform, whether affected or not, have since yesterday received a number of recommendations from the DNSC on how to properly address the situation:

• Identification of affected systems and their immediate isolation from the rest of the network, as well as from the Internet

• Keeping a copy of the ransom note and any other messages from the attackers. This information is useful for authorities or for further analysis of the attack

• Do not turn off damaged equipment. Shutting down will delete evidence stored in non-volatile memory (RAM)

• Collect and store all necessary log information from damaged equipment, as well as from network equipment, firewall

• Examine system logs to determine the mechanism by which the IT infrastructure was compromised

• Notify all employees immediately and notify affected customers and business partners of the incident and its scope

• To restore affected systems from data backups after performing a full system cleanup. It is absolutely necessary to ensure that backups are complete, up-to-date and secure from attacks

• Ensure that all programs, applications and operating systems are updated to the latest versions and that all known vulnerabilities are patched

Yesterday’s cyberattack affected 21 hospitals. Pitesti Pediatric Hospital is affected starting Saturday, February 10, 2024. Other hospitals are affected starting February 11-12, 2024:

• Buzeu District Emergency Hospital

• Slobozhansk District Emergency Hospital

• “St. Apostol Andrey” Konstanz District Emergency Hospital.

• Pitesti District Emergency Hospital

• “Dr. Alexander Hafenk” Military Emergency Hospital, Konstanz

• Institute of Cardiovascular Diseases of Timisoara

• District emergency hospital “Dr. Kostyantyn Oprysh” Baia-Mare

• Sighetu Marmaciei City Hospital

• Tirgovishte District Emergency Hospital

• Coltea Clinical Hospital

• Mezhidi city hospital

• Fundeni Clinical Institute

• Oncology Institute “Prof. Dr. Al. Trestioreanu” Bucharest (IOB)

• Regional Institute of Oncology Iasi (IRO Iasi)

• Azuga Orthopedics and Traumatology Hospital

• Băicoi City Hospital

• Emergency Clinical Hospital for Plastic Surgery, Repair and Burns Bucharest

• St. Luke’s Hospital for Chronic Diseases

• MV Clinical Hospital No. 2 Bucharest

• MALP SRL Moinești Medical Center

According to the DNSC, the other 79 units of the health care system have been disconnected from the Internet and are being investigated further to determine whether (or not) they were the target of the attack.

Most of the affected hospitals have backup copies of data from the affected servers, with the data saved relatively recently (1-2-3 days ago), with the exception of one, whose data was saved 12 days ago. This can make it easier to restore services and data.

DIICOT conducts research in rem

DIICOT announces that it is investigating illegal access to the system, disruption of IT systems and illegal operations with IT programs or devices in the case of a cyber attack that affected the operations of several hospitals in Bucharest and in the country. on Monday. The investigation was launched after the notification of two commercial companies that provide services for the maintenance of the integrated IT system of public hospitals.

“On February 12, 2024, two commercial companies that provide services for the maintenance of the integrated IT system of public hospitals in Romania informed the Directorate for the Investigation of Organized Crime and Terrorism that on February 11 and 12, 2024, “unidentified persons attacked the integrated computer system and hardware infrastructure with the help of a ransomware-type virus, which led to the blocking of this system and communications of any kind, as well as limiting access to computer databases,” DIICOT said, according to News.ro. .

In accordance with the established procedure, criminal proceedings are conducted on the fact of committing crimes of illegal access to the system, disruption of computer systems and illegal operations with computer programs or devices.

“We would like to clarify that at the moment additional information regarding the stage of the investigation cannot be provided, since the provisions of Art. 12, par. 1, summer e, from Law 544/2001. This stage does not mean the formulation of charges against any person, but establishes the procedural framework necessary for the collection of evidence in order to correctly and fully establish the factual situation and to adopt a legal and complete resolution of the case,” DIICOT reports. .

21 hospitals in Bucharest and in the country were affected on Monday by a ransomware cyber attack.

Some of the hospitals continue to be affected on Tuesday.

The National Cyber ​​Security Administration (DNSC) said it was a ransomware cyberattack on a multi-hospital service provider. According to data as of Monday evening, 21 hospitals were affected. The other 79 units of the health care system have been disconnected from the Internet, and additional investigations are underway.

Photo: Dreamstime.com.