100 Hospitals Use Pen and Paper to Defeat Cyber Attack

How 100 hospitals switched to pen and paper became a defining moment in Romania’s fight against a nationwide cyber-attack. In early February 2024, a targeted ransomware attack disrupted the country’s healthcare system, forcing medical staff to rely on physical records to keep operations running. The breach originated at RSC, a Bucharest-based software firm, and quickly spread to hospitals using its Hippocrates platform. With digital systems compromised, the decision to revert to analog methods was both a tactical move and a temporary solution to safeguard patient care.

System Collapse and Immediate Action

The cyber-attack left over 100 hospitals grappling with encrypted files and disconnected networks. Hippocrates, a widely adopted software for managing patient data, became the entry point for the BackMyData ransomware. As the malware spread, critical operations like medication tracking and diagnostic reporting were halted. Cyber-chief Dan Cimpean made a pivotal call: disconnecting all hospitals from the internet to contain the breach. This drastic measure, implemented by midday on 10 February, paused the attack’s progression but required medical teams to adapt rapidly to manual workflows.

“The system wasn’t just a tool—it was the backbone of our workflow. When it failed, we lost track of lab results, radiology scans, and medication records. Every patient’s care became a puzzle to solve without digital support.” – Oana Goidescu, surgeon at Buzău Hospital

In the absence of electronic systems, hospitals resorted to handwritten notes, phone calls, and physical documentation. Staff at Pitești Children’s Hospital, for instance, manually recorded patient data as the Hippocrates software went offline. This shift to pen and paper highlighted the resilience of healthcare professionals in the face of digital disruption.

Recovery Efforts and Public Communication

While the attack created immediate chaos, it also spurred a coordinated recovery effort. IT teams worked tirelessly to isolate the malware and restore systems, but the process took time. During this period, the DNSC ensured transparency by providing regular updates to the public. Mihai Rotariu, head of communications at the center, stressed the importance of clear messaging. “Keeping patients and staff informed helped reduce panic and maintain trust,” he said. The manual systems, though inefficient, allowed critical care to continue without major setbacks.

Some hospitals managed to reconnect within days, but others faced prolonged delays. In these cases, staff relied on pen and paper to document patient details, track treatments, and coordinate with pharmacies. Despite the challenges, the move to analog methods proved effective in preventing further disruptions. “We were asked, ‘What if it were your mother?’ They were right to be upset, but we tried to explain we were not at fault,” noted Goidescu, reflecting on the public’s reaction to the crisis.

Lessons from the Cyber Crisis

The incident underscored the importance of backup systems in critical sectors. By switching to pen and paper, hospitals demonstrated how analog tools can serve as a lifeline during digital failures. The DNSC highlighted that 26 hospitals had been directly infected, but the broader impact was felt across the country. The attack also revealed vulnerabilities in widely used software, prompting a reevaluation of cybersecurity protocols in healthcare. “This event showed how quickly a ransomware threat can escalate,” said Rotariu, adding that lessons learned would shape future defenses.

How 100 hospitals switched to pen and paper remains a case study in emergency preparedness. The rapid decision to disconnect networks and the subsequent reliance on manual methods prevented a deeper crisis. As the FBI notes, healthcare systems are now the most targeted sector of critical national infrastructure, making such adaptive strategies essential. The Romanian response has since been praised for its efficiency, proving that even in the digital age, a return to basics can be a powerful defense against cyber threats.