A rapidly spreading ransomware infection affecting around 100 hospitals and medical facilities in Romania began with an infection at a third-party healthcare platform provider.
The Romanian National Directorate for Cyber Security (DNSC) said the ransomware originated from Hipocrate Information System (HIS), an integrated healthcare management system platform sold by Romanian Soft Company (RSC).
The Pitesi Children’s Hospital in Romania was the first known victim of the domino effect cyber attack on February 10, while the other hospitals were hit on February 11 and 12. The unidentified attackers launched the Backmydata malware, a relative of the Phobos ransomware family. — and asked for 3.5 BTC or 157,000 euros.
“Most of the affected hospitals have data backups from the affected servers, with the data saved relatively recently (1-2-3 days ago) except one, whose data was saved 12 days ago. This could allow for a recovery simpler than services and data,” DNSC said.