A notable ransomware incident occurs in the Romanian healthcare system. An external IT provider has left more than a hundred hospitals at risk of contamination.

Romania is under the spell of a mysterious virus. Don’t worry, it is not a virus that is harmful to people, but one that affects the health of IT devices. The ransomware attack affected more than a hundred hospitals: we have not seen cyberattacks of this magnitude in the medical sector since the infamous Wannacry campaigns.

The error appears to lie with an unnamed external IT provider that operates a platform used by many hospitals in the country. The hackers used this platform to penetrate the IT environment of all connected hospitals. 79 hospitals were just able to preventively take their IT systems offline in time, but for 26 hospitals it was already too late.

The identity of the attacker(s) is unknown. To date, no group has claimed responsibility for the attacks and no group is referenced in the threatening letters. The ransom amounts demanded are also relatively “low”: the perpetrator or perpetrators are content with a payment of 3.5 Bitcoin, which (rounded up) amounts to 170,000 euros.

A forewarned company is worth two

This incident in Romania is also a lesson for Belgian organizations inside and outside the medical sector. It once again illustrates the possible proportions Supply chainAttacks in which hackers target an IT provider at the beginning of the software chain and thus gain access to its customer base. So you not only have to get your own IT affairs in order, but you also have to have the courage to impose strict requirements on your suppliers and partners.

Fortunately, the principle of backup creation seems to have been well established in the Romanian medical sector, which means that healthcare will not be affected too badly, assures the national cybersecurity authority. A hospital is apparently at a loss because no backups have been created for more than twelve days. Let this be a lesson for your company too.