The Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack in December that is still impacting medical activity.

The Saint Gheorghe Recovery Hospital in Botoşani, in northeastern Romania, was hit by a ransomware attack in December that is still impacting medical operations.

The hospital is not able to report the services performed in December 2022 and for this reason, it cannot receive payment for the medical services provided.

The threat actors demanded a ransom of 3 Bitcoin to decrypt the data on the infected systems. It seems that the attackers abused a remote connection used for maintenance purposed by a third-part service provider.

“The attack is similar to the one in the summer of 2019, when four other hospitals in Romania were targeted. The hackers apparently got through by using a remote connection accessed by one of the maintenance companies.” reported the website Romania Insider. “The hackers entered the system and encrypted the December database. After that, they left a message, in English, asking for a ransom of 3 Bitcoin, or approximately EUR 46,400.”

According to the media outlet, the attack was sophisticated, and both the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) and the Romanian antivirus firm BitDefender were not able to decrypt the files.

“We have already notified the National Directorate of Cyber Security and DIICOT. An investigation has been launched and we are waiting to see what happens. I cannot say more at the moment. It is certain that from Monday we hope to resume medical activity at normal capacity,” said doctor Cătălin Dascălescu, the manager of the Recovery Hospital.

In 2019 other four hospitals in Romania suffered ransomware attacks that were attributed to the PHOBOS extortion group.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Saint Gheorghe Recovery Hospital)


Source link