Over 100 Romanian hospitals were disconnected from the internet during a massive cyber-attack in February 2024, forcing medical staff to switch to pen and paper. This was reported by Qazaqyia.kz citing BBC News.

Surgeon Oana Goidescu was on shift when her hospital was hit. Criminals were infecting computer networks through popular medical software, spreading across Romania. It was one of the worst attacks on healthcare systems worldwide.

Romania's national cyber-security centre (DNSC) chief Dan Cimpean made a tough decision: order over 100 hospitals to disconnect from the internet. This stopped the hackers and bought time to assess the attack. But it meant no connected devices, emails, or web browsers.

Medical staff had to switch to pen and paper, improvising workarounds to protect patients. Their actions have been widely praised and became a test case for international disaster planners.

Surgeon Oana Goidescu was on shift at Buzău Hospital when the alert came that attackers had breached Bucharest-based software firm RSC, infecting the widely used Hippocrates medical system. "It was quite an unpleasant experience, because an IT record is not just a list of patients. For each patient, we request lab tests, radiology, medicines and supplies. All of that was gone," she said.

Hippocrates is used by doctors, nurses and surgeons to manage everything from admissions to payroll, pharmacy logistics and test results. The attackers spread a ransomware strain called BackMyData, scrambling files and demanding a ransom in bitcoin.

Staff at Pitești children's hospital were the first to notice errors on Sunday morning. By dawn on Monday, many hospitals reported Hippocrates was down.

With hospitals offline, cyber-experts worked with Hippocrates' maker to identify infected systems and kick out hackers. Doctors created workarounds. "When we saw the system would not be repaired quickly, we developed an offline method so we could register every patient," said Vlad Paic from Carol Davila Hospital in Bucharest. "We asked the laboratory to give us results on paper. We used Excel and other offline tools to ensure care was not affected."

Cyber-investigators worked through the night and found 26 hospitals infected with BackMyData. The next day, uninfected hospitals were brought back online with added protections.

DNSC used media to communicate with hospitals and the public. Public messaging urged patients to avoid hospitals unless necessary. But waiting rooms were still filling up, and Goidescu said some frustrated patients took their anger out on staff. "We were asked, 'What if it were your mother?' They were right to be angry, but we tried to explain we were not at fault," she said.

Another key message was that hospitals should not contact hackers or pay the ransom. The attackers demanded €160,000 (£138,000; $183,000) in bitcoin, but a national decision was taken not to pay.