February 13, 2024 at 06:33AM
A file-encrypting ransomware attack on the Hipocrate Information System (HIS) in Romania has led to data encryption in 26 hospitals. As a result, hospitals are resorting to pen and paper for record keeping. The attackers have demanded a 3.5 Bitcoin ransom, but DNSC advises against paying. Affected facilities are following DNSC’s instructions for system isolation and investigation.
After reviewing the meeting notes, the key takeaways are as follows:
1. On Monday morning, Romanian hospitals were affected by a ransomware attack on the Hipocrate Information System (HIS), leading to data encryption in 26 hospitals.
2. The attack was perpetrated by a threat actor deploying the Backmydata ransomware, causing the HIS to go offline and impacting 74 other connected healthcare facilities.
3. Most impacted hospitals have recent backups to facilitate system restoration, however, one facility lacks the last 12 days of data in their backup.
4. The attackers have demanded a 3.5 Bitcoin ransom (approximately $175,000), but DNSC advises against contacting the attackers or paying the ransom.
5. The DNSC has instructed hospitals to isolate impacted systems, save ransom notes and system logs, investigate the point of entry, inform relevant parties, and restore systems using backups.
6. The Backmydata ransomware, part of the Phobos family, exploits Remote Desktop Protocol (RDP) service flaws, achieves persistence, disables firewalls, deletes volume shadow copies, and exfiltrates data.
7. Cybercriminals claim to have stolen confidential data and threaten to sell it if the ransom is not paid, providing an email address for communication.
Additionally, other healthcare facilities globally have also been targeted by ransomware attacks, prompting a need for heightened cybersecurity measures and vigilance.
This summary captures the essential details from the meeting notes and provides a clear overview of the ransomware attack and its implications for the healthcare system.