When a cyberattack knocked out Romanian hospitals, doctors recovered a classic: pencil and paper

Computer technology has arrived to make our lives easier. In the health field, for example, hospitals are increasingly interconnected. Doctors in many countries around the world have access to electronic medical records and patients to paperless prescriptions. All of this can be fantastic, as long as it works well, of course. Romania experienced it in February 2024, when part of its health system was caught in a virus attack. ransomware which affected the Hipocrate platform used by hospitals throughout the country. Two years later, a reconstruction of the BBC It allows us to better understand what happened, how many hospitals were really infected and how the crisis was contained. The problem was especially delicate because Hippocrates was integrated into very different tasks of daily hospital life. The platform was used to register patients, order tests, view results, manage medications, and organize supplies. In practice, its fall left many centers without one of their main coordination tools. The ransomware variant identified was BackMyData. As usually happens in this type of attacks, the files were encrypted, renamed and unusable for system administrators. There was talk of a ransom of 3.5 bitcoins, about 175,000 euros at the exchange rate at the time, in exchange for the supposed key to recover the information. As new notices came in from hospitals, Romania’s National Cyber ​​Security Directorate, the DNSC, made a drastic decision: ordering more than 100 hospitals to they will disconnect from the network. The measure left them without digital tools, but it allowed them to isolate the problem and gain time. Over time, the photography of the incident has become more refined. The number of hospitals directly infected by BackMyData was 26. The operational impact, however, was much greater: more than 100 hospitals were left offline or without normal access to their digital services. Inside the hospitals, the response was much more earthly. Some doctors asked the lab to deliver results on paper, others turned to offline spreadsheets, and many went back to register patients by hand. It was not a metaphor: for several days, part of the Romanian healthcare functioned with analogue tools. Romania chose not to pay the ransom and focused recovery on available backups. The strategy allowed operations to be recovered, at least essentially. According to updated information, most hospitals returned to almost normal operation in about five days. While there were no deaths or serious injuries to patients, the outage left work pending for weeks. All the information written down on paper had to re-enter the systems and some data was lost forever. Romanian authorities have not publicly attributed the attack to a specific group. There was later an international operation against a gang related to the BackMyData ecosystem, with four Russian citizens arrested outside Russia, but the BBC does not present it as a direct resolution of the case. Those days left an image that is difficult for many to forget: modern hospitals, useless screens and doctors doing something as old as writing to continue providing care. This case, however, also showed that backups and recovery plans are essential in the interconnected world we live in. Images | Pixabay | Tima Miroshnichenko | Miguel Ausejo In Xataka | Spotify will not let you log in with your username and password. It is a wonderful idea to protect your account

go back to pencil and paper

We take for granted the conveniences of the digital age: instant messaging, online shopping, the databases that power millions of businesses. Everything flows until something breaks and the routine stops. In companies, this failure can have devastating effects. Jaguar Land Rover verified itwhich suffered a cyber attack that paralyzed its production lines. Now the scenario is repeated in Japan, where Asahi, the giant that controls about 40% of the beer market, has had to stop its activity and resort to the most basic: handwritten orders, paper documents and faxes that ring again. The incident broke out at the end of September, when an attack by ransomware left inoperative Asahi’s ordering and shipping systems in Japan. In a few hours, the company had to suspend activity in most of its factories and completely reorganize its logistics. The country’s supermarkets and convenience chains, including 7-Eleven and FamilyMart, warned of possible stock shortages. Although production began to resume on a limited basis, the brewer admitted that it could not guarantee timelines for returning to normality. When a cyberattack turns off screens and forces you to return to paper The systems that allow Asahi to process orders, coordinate deliveries and communicate with distributors were out of service following the attack. Although factories could continue producingthe company was forced to stop activity because it could not manage a single shipping order. The measure was part of the containment protocol, which included blocking servers and suspending incoming mail from abroad. In a few hours, the largest brewer in the country went from total automation to an almost complete stoppage. Faced with the digital blockade, Asahi activated an emergency plan based on manual procedures. Orders were written down by hand, delivery notes were printed and shipping confirmations were communicated by fax, as they were decades ago. The goal was simple: keep the product flowing, even if it was limited. The brewery thus managed to partially reactivate its distribution network, while preparing the reopening of its call center. It was a slow and laborious response, but it allowed the first batches of beer to leave the factories again. Little by little, Asahi began to commission its factories. The six brewing centers in the country returned to limited production, starting with the Asahi Super Dry line. Some soft drink and food plants were also reactivated, although at a slower pace. The company specified that its production was still far from normal and that containment measures were still in force. The attack affected only Asahi’s domestic operations. The company clarified that its subsidiaries in Europe and the United Kingdom continued to operate without incidents. The Japanese side, which contributes around 50% of its global incomewas the only one hit. Although the geographical scope was limited, the economic and logistical effect within the country was notable. A group called Qilin sand claimed responsibility for the cyberattack. We are talking about an organization that operates under a “ransomware as a service” model and that has already been involved in attacks on large companies. Asahi did not confirm that version or detail the type of intrusion. In any case, The Japanese Government maintains an investigation open to clarify what happened. Asahi is keeping its recovery plan underway, focused on gradually restoring ordering and shipping systems. As we say, the immediate priority is normalize production and fully reopen its customer service center. Starting in mid-October, the company hopes to increase the pace of distribution and recover part of the catalog affected by delays. It has not yet set a date for full restoration, but it assures that security measures will be reinforced before returning to one hundred percent operation. Images | Asahi (1, 2) | freepik In Xataka | How often should we change ALL our passwords according to three cybersecurity experts

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.