Security News > 2024 > February > Romanian hospital ransomware crisis attributed to third-party breach
The Romanian national cybersecurity agency has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider.
All hospitals caught up in the ransomware scourge are thought to have been breached via the HIS. Per legal reporting obligations in Romania, service providers must inform the DNSC and national CSIRT of incidents that significantly impact the continuity of essential services.
"We are exactly in the scenario of the Backmydata/Phobos ransomware incident that affected dozens of hospitals in Romania," the DNSC said today.
The scale of the ransomware emergency in Romania is bordering on the unbelievable as now more than 100 hospitals have been either disconnected from the internet or had their files encrypted.
The ransomware used was said to be called Backmydata, a variant of the Phobos ransomware family that's been around for years under various guises and interactions.
Most recently a slightly modified version of Phobos was deployed by the 8Base ransomware group, although it should be said that 8Base has not claimed nor been attributed to the attacks in Romania.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/02/14/romanian_hospital_ransomware_crisis/
Related news
- Ransomware forces hospital to turn away ambulances (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Henry Schein discloses data breach a year after ransomware attack (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Fog ransomware targets SonicWall VPNs to breach corporate networks (source)
- LA housing authority confirms breach claimed by Cactus ransomware (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)