By Chris Vallance & Joe Tidy
BBC News
Over a hundred Romanian healthcare facilities have been been affected by a ransomware attack, with some doctors forced to resort to pen and paper.
Children’s and emergency hospitals were among those hit, with other facilities going offline as a precaution.
The cyber extortionists demanded 3.5 Bitcoin, worth over £130,000, to unlock vital files which they had encrypted.
But Romanian cyber officials said data had been recently backed up, reducing the impact.
The attack largely unfolded overnight on Monday, according to a statement from the Romanian Ministry of Health and had targeted a widely used medical information system.
The incident was under investigation by IT specialists, including cyber security experts from the National Cyber Security Directorate (DNSC), the ministry said.
According to the DNSC, 25 hospitals were affected by the attack, starting with the The Pitesti Paediatric Hospital.
The organisation said that 79 other healthcare facilities were taken offline while investigations were carried out to determine if they had been affected.
While officials had identified the type of malware used, the group responsible has yet to be identified. The ransom demand includes only an email address, officials wrote.
As most of the targeted hospitals have recent backups of data from the affected servers, it is expected that the facilities should be able to bounce back fairly rapidly.
But the impact on patients is likely to be profound as dozens more hospitals have had to switch off internet connected devices as a precaution. This could, in theory, affect not just booking and records but also machines like MRI scanners.
The UK experienced a similar attack in 2017 which disrupted 80 out of 236 hospital trusts across England and caused nearly 7000 appointments to be cancelled or rearranged.
Following that incident the NHS accepted that there were “lessons to be learned”, and made a number of changes.