Security News > 2024 > February > Romanian hospital ransomware crisis attributed to third-party breach

Romanian hospital ransomware crisis attributed to third-party breach
2024-02-14 15:48

The Romanian national cybersecurity agency has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider.

All hospitals caught up in the ransomware scourge are thought to have been breached via the HIS. Per legal reporting obligations in Romania, service providers must inform the DNSC and national CSIRT of incidents that significantly impact the continuity of essential services.

"We are exactly in the scenario of the Backmydata/Phobos ransomware incident that affected dozens of hospitals in Romania," the DNSC said today.

The scale of the ransomware emergency in Romania is bordering on the unbelievable as now more than 100 hospitals have been either disconnected from the internet or had their files encrypted.

The ransomware used was said to be called Backmydata, a variant of the Phobos ransomware family that's been around for years under various guises and interactions.

Most recently a slightly modified version of Phobos was deployed by the 8Base ransomware group, although it should be said that 8Base has not claimed nor been attributed to the attacks in Romania.

News URL