More than 100 health care facilities in Romania are offline after hackers launched a ransomware attack on at least 25 hospitals, the country’s cybersecurity agency said Tuesday.
According to the Romanian National Cyber Security Directorate, the attack started with the Pitesti Pediatric Hospital and quickly spread to others.
An additional 79 health care facilities have disconnected from the internet to try to avoid the hackers, it said.
The affected facilities represent a significant portion of the country’s health care system. According to a study last year from researchers at multiple Romanian universities, the country has 543 hospitals nationwide.
Multiple studies have shown that hospitals have higher mortality rates when they experience downtime from ransomware attacks.
Despite some global efforts to combat them, ransomware attacks — where cybercriminals infect a computer system and demand a bitcoin payment for a promise to help unlock them — are globally on the rise. Last year, victims paid their attackers a record $1 billion.
The hackers’ identities are not public, but according to the Romanian agency, they used a strain of ransomware called Phobos, created by Russian-speaking hackers. That strain has been leaked and can be used by any criminal hacker, said Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future. This appears to be, by far, the largest attack using Phobos, he said.
The hackers have asked for $3.5 bitcoin in ransom, the equivalent of almost $170,000, the Romanian agency said. It didn’t respond to an emailed question of whether the hospitals intend to pay.
Romania’s top cybersecurity company, Bitdefender, is providing aid to the hospitals, the agency announced.