
Ransomware Attack Left Hospitals Offline

Cyber-risk and liabilities update

More than 100 Romanian hospitals have been hit by a ransomware attack following a cyber-incident that targeted a third-party supplier. Dozens of hospitals were left offline, with some resorting to the use of pen and paper to continue operating. The attackers demanded a ransom of £130,000 (although the actual demand was made in Bitcoin) to release the data stolen in the breach.

This event showcases the dangers that third-party software can pose. Specifically, malicious actors can exploit vulnerabilities in third-party software to introduce harmful code or launch attacks.

The following article provides more details about the incident and offers tips for businesses to prevent ransomware attacks and third-party breaches.

Ransomware Attack Incident Details

The ransomware attack occurred between 10th and 12th February 2024, starting with the Pitesti Paediatric Hospital and impacting at least 25 others, according to the National Cyber Security Directorate. Additionally, 79 hospitals were forced offline while investigators determined if they had been affected.

The main target of the attack was a third-party healthcare management system platform used by hospitals to store patient data. The attack encrypted hospital data, and the threat actors responsible—whose identities are currently unknown—demanded a ransom for the data’s safe release. Although most hospitals had recently backed up their data, one hadn’t done so for 12 days, significantly impacting their recovery. Furthermore, some hospitals had to switch off internet-connected devices as a precaution, meaning health-critical machines like MRI scanners could have been affected.

The UK has seen similar attacks; in 2017, the NHS was brought to a standstill due to a WannaCry outbreak, and more recently, a third-party software compromise left several NHS Trusts unable to access patient data for months during 2022.

Moreover, it’s not just healthcare facilities that are at risk; businesses of all types can be hit by ransomware attacks and left unable to trade or, worse still, with their reputation in tatters.

Tips for Businesses

This event emphasises how important it is for businesses to have appropriate cyber-security measures to help protect against ransomware attack losses. Here are some best practices for organisations to consider:

  • Establish response strategies — Organisations must identify their critical assets and determine how these could be impacted by ransomware attacks, leveraging this information to develop a robust cyber-incident response plan. The plan should detail how businesses can restore operations and respond to ransom demands. Organisations should keep a hard copy of their plan on a system unconnected to their main IT network for safe access in case of breaches.
  • Keep up-to-date backups — Organisations should back up all critical files and regularly test backup plans to ensure potential problems are spotted before they result in data loss. Additionally, organisations must create offline backups and keep these in an off-site location or a cloud service designed for this purpose. Backups should be scanned for malware before files are restored in case hackers have infiltrated the network and infected them.
  • Proactively manage third-party risk — Organisations must scrutinise how their vendors handle information and request proof of the vendors’ cyber-security programme to evaluate potential vulnerabilities. Additionally, organisations could consider the merits of auditing third-party vendors for security compliance.

As ransomware attacks evolve and threat actors continue to target multiple organisations through third-party software, businesses should make it a priority to consistently review their potential exposures and update their mitigation techniques whenever necessary.

Contact us today for additional risk management guidance and insurance solutions.

The cyber-threat information was provided by Zywave and contributed by Lisa Langley, Cert CII, Team Leader, Professional Risks, Cox Mahon Ltd.

This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.