Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

The Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack in December that is still impacting medical activity.

The Saint Gheorghe Recovery Hospital in Botoşani, in northeastern Romania, was hit by a ransomware attack in December that is still impacting medical operations.

The hospital is not able to report the services performed in December 2022 and for this reason, it cannot receive payment for the medical services provided.

The threat actors demanded a ransom of 3 Bitcoin to decrypt the data on the infected systems. It seems that the attackers abused a remote connection used for maintenance purposed by a third-part service provider.

“The attack is similar to the one in the summer of 2019, when four other hospitals in Romania were targeted. The hackers apparently got through by using a remote connection accessed by one of the maintenance companies.” reported the website Romania Insider. “The hackers entered the system and encrypted the December database. After that, they left a message, in English, asking for a ransom of 3 Bitcoin, or approximately EUR 46,400.”

According to the media outlet, the attack was sophisticated, and both the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) and the Romanian antivirus firm BitDefender were not able to decrypt the files.

“We have already notified the National Directorate of Cyber Security and DIICOT. An investigation has been launched and we are waiting to see what happens. I cannot say more at the moment. It is certain that from Monday we hope to resume medical activity at normal capacity,” said doctor Cătălin Dascălescu, the manager of the Recovery Hospital.

In 2019 other four hospitals in Romania suffered ransomware attacks that were attributed to the PHOBOS extortion group.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Saint Gheorghe Recovery Hospital)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.