Cyber Incident Victim: Hipocrate
Date:
Feb 2024
Location:
Romania
Summary
A ransomware cyberattack targeted the Hipocrate IT system used by 18 hospitals across Romania, disrupting medical operations and forcing emergency departments to switch to offline patient registration. The attack caused significant delays in emergency services and hindered hospitals' ability to report medical procedures, potentially affecting their funding allocations. Specialists from the National Directorate for Cybersecurity deployed to investigate while affected institutions disconnected from public internet as a protective measure, with restoration efforts ongoing using existing backups.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 12, 2024, a ransomware cyberattack targeted a service provider managing the Hipocrate information system used by multiple Romanian hospitals, disrupting operations across 18 healthcare facilities in ten cities. The attack began in the morning, forcing affected hospitals to disconnect from public internet access and switch to offline operations to protect patient data. Hospitals reported immediate impacts, including the inability to register patients electronically for admissions or emergency room services, leading to extended wait times and manual record-keeping in emergency departments. The National Directorate for Cybersecurity (DNSC) was notified during the day and deployed specialists to investigate the incident, while the Ministry of Health activated exceptional preventive measures for unaffected hospitals. Health Minister Alexandru Rafila initially estimated 15-20 impacted facilities before confirming 18 hospitals, spanning institutions such as the Bucharest Emergency Clinical Hospital for Plastic Surgery, Constanța’s "Sf. Apostol Andrei" County Clinical Emergency Hospital, Iași’s Regional Oncology Institute, and Pitești County Emergency Hospital.
The attack paralyzed the Hipocrate system, a critical software for hospital operations, service reporting, and insurance reimbursement processes. Hospitals operated using internal servers without internet connectivity, delaying data entry into national health systems and creating uncertainty about financial reporting to the National Health Insurance budget. Representatives from Bucharest’s "Bagdasar-Arseni" Hospital and Marius Nasta Institute confirmed continued patient care through offline workflows but acknowledged operational difficulties. Concurrently, Târgu Jiu County Hospital reported ongoing flood-type cyberattacks from a botnet targeting public IP addresses, though its services remained unaffected due to port-blocking measures. The DNSC urged hospitals to avoid contacting IT teams to prioritize system restoration, while the Hipocrate system’s administrator indicated backups existed and projected service restoration by February 13. No patient data breaches or ransom demands were confirmed in initial reports.