100 Romanian Hospitals Go Back to Paper to Stop a Ransomware Surge

Tue Jun 23 2026 19:16:54 GMT+0000 (Coordinated Universal Time)

Romania’s hospitals shut internet links, using handwritten records to keep care safe after a national cyber‑attack on healthcare software.

In February 2024 a ransomware strike on the Hippocrates medical software sent Romanian hospitals offline. Authorities ordered more than 100 hospitals to disconnect from the internet, forcing medical staff to rewrite patient data on paper. The move bought time for IT teams to contain the attack and restore systems, with most hospitals back online within five days and no reported deaths. The incident underscores the growing threat to healthcare infrastructure and the importance of backups and quick communication.

When the cyber‑security centre in Bucharest discovered a ransomware strain called BackMyData had infected the widely used hospital management system Hippocrates, more than 100 hospitals across Romania were ordered to cut all internet connections. The move was aimed at stopping the malware from spreading further and bought the authorities time to investigate the breach.

The decision meant doctors, nurses and administrators could not use electronic patient records, laboratory orders, radiology reports or pharmacy logistics. Instead, they went back to paper forms, manual logbooks and face‑to‑face communication. One surgeon, Oana Goidescu, described the chaos: “Every test, medication and supply list vanished from the system.” Staff learned to write patient information by hand, request laboratory results on paper and use offline spreadsheets.

National cyber‑security experts worked overnight with the software vendor to identify all infected sites. A briefing to hospitals and the public urged patients to avoid hospitals unless necessary and to refrain from paying the ransom of €160,000 in bitcoin demanded by the attackers. Over the next four days, the disruption was contained; systems were restored from recent backups, and most hospitals were operational again by the end of the fifth day.

The response highlighted how digitised healthcare systems are a prime target for attackers and why regular, off‑site backups are essential. While some data lost during the outage will never be recovered, no deaths or serious injuries were reported. The incident serves as a cautionary example for disaster planners worldwide, prompting hospitals to prepare contingency plans that include manual processes.

By Joe Tidy – Cyber Correspondent, World Service (reporting from Romania)