Romania Hospitals Go Paper‑Based as Ransomware Forces 100 Facilities Offline

Tue Jun 23 2026 19:52:29 GMT+0000 (Coordinated Universal Time)

When a nationwide cyber‑attack crippled Romania’s healthcare network, 100 hospitals surrendered their digital systems and turned to paper, keeping patients safe for four days.

A ransomware wave unleashed from a popular medical software hit Romania’s hospitals, shutting down electronic records across more than a hundred facilities. The national cyber‑security centre ordered an immediate internet cut‑off, buying time to isolate the threat. While staff relied on paper, ink and spreadsheets to keep up care, IT teams raced to restore data from fresh backups. No deaths were reported, but the event highlighted the fragility of digital health infrastructure and the need for robust backups and clear crisis communication. Lessons from Romania are now shaping global guidelines for responding to mass‑hospital cyber‑attacks.

Romania Hospitals Go Paper‑Based as Ransomware Forces 100 Facilities Offline

On 10 February 2024 a back‑door grip on the “Hippocrates” medical software crippled over one hundred Romanian hospitals, forcing a coordinated switch to paper‑based workflows.

The cyber‑security centre in Bucharest, led by Dan Cimpean, ordered an immediate internet disconnect. Staff at Buzău Hospital, 120 km north of the capital, were handed ink‑pens as their patient records vanished from the cloud.

Hospitals had to create offline methods—hand‑written charts, paper logs, and spreadsheets—to track admissions, test orders and medication schedules while IT teams isolated the BackMyData ransomware strain and negotiated a return of the system to safe operation.

The decision not to pay the €160,000 ransom was upheld by national policy, and more than 30 % of the affected sites had recent backups that allowed a swift recovery. Within five days most hospitals were back online with no reported deaths or serious harm.

Public messaging urged citizens to limit unnecessary hospital visits and made clear that contacting hackers would only increase risk. Patient frustration was high – staff at Buzău witnessed angry outbursts but could explain the situation without blame.

Experts say the event underlines how digitisation heightens vulnerability. Alina Bîzgă of Bitdefender noted that hospitals are a prime target for attackers seeking chaos and cash.

Similar attacks have hit NHS facilities in London, an American blood‑testing company, and a U.S. provider, causing fatalities and billions in ransom payments. In Romania the reliance on recent data backups mitigated the worst‑case scenario.

The cybersecurity centre’s use of media to update hospitals and the public is being praised as a key factor in the coordinated response. The incident has pushed policymakers to draft guidelines for national healthcare cyber‑attack responses.