How 100 Hospitals Switched to Pen and Paper to Cope with Cyber-Attack
How 100 hospitals switched to pen – In February 2024, a nationwide cyber-attack crippled Romania’s healthcare system, forcing 100 hospitals to rely on pen and paper to keep operations running. Surgeon Oana Goidescu, working at Buzău Hospital near Bucharest, described the sudden disruption as a “total collapse of digital systems.” The attack exploited a widely used medical software called Hippocrates, which was infected by ransomware named BackMyData. As the malware spread, hospitals faced a critical decision: either pay the ransom or revert to manual methods. The choice to disconnect from the internet and use pen and paper proved vital in containing the threat.
The Crisis Unfolds: A Digital System Under Fire
The cyber-attack began with a targeted breach of Hippocrates, a software platform used by over 200 healthcare institutions in Romania. Once infected, the ransomware encrypted critical patient data, forcing hospitals to halt electronic record-keeping. Doctors, nurses, and administrators scrambled to adapt, with some using handwritten notes to document patient conditions, medications, and treatment plans. At Carol Davila Hospital in Bucharest, Vlad Paic explained how staff managed to maintain care by creating offline registration forms and using Excel spreadsheets to track medical records. “Every patient’s file was gone,” Paic said, “but we found a way to keep things moving with pen and paper.”
“It was quite an unpleasant experience because an IT record is not just a list of patients,” said Oana Goidescu, reflecting on the sudden loss of digital systems. “For each patient, we needed lab tests, radiology, medicines, and supplies—everything was gone.”
The disruption was severe, with some hospitals reporting delays in treatment and confusion among patients. In one instance, a critical care unit at a Bucharest hospital had to manually record vital signs for patients, relying on pre-printed forms and cross-checking data with colleagues. This makeshift system, though labor-intensive, prevented a complete breakdown of services. Meanwhile, the national cybersecurity center (DNSC) worked tirelessly to isolate the malware and restore the system, but the initial response required a temporary shift to analog methods to ensure patient safety.
A Global Lesson in Cyber Resilience
The Romanian incident highlighted a growing concern: healthcare systems are prime targets for cyber-attacks. According to the FBI, the sector is now the most vulnerable part of critical national infrastructure, with ransomware attacks increasing by 120% in 2023 alone. The February 2024 breach, which infected 26 hospitals with BackMyData, demonstrated how swiftly digital systems can be compromised. However, the rapid adoption of pen and paper allowed medical teams to mitigate the impact, proving that analog solutions can be a lifeline in times of crisis.
As the attack spread, hospitals faced a dilemma: pay the €160,000 ransom or risk losing data permanently. Many opted to disconnect from the internet, preventing further contamination. This decision, while disruptive, allowed IT specialists to work in isolation and develop a plan to restore systems. The process was not without challenges—some hospitals had to re-enter data manually, which took hours to complete. Despite the effort, the switch to pen and paper ensured that patient care continued, even as the digital infrastructure was under siege.
Public health officials emphasized the importance of this manual approach during the crisis. Messages were sent to patients advising them to avoid non-urgent visits, but waiting rooms remained packed. Oana Goidescu recalled instances where frustrated patients questioned the delay in care, highlighting the human toll of the attack. “There was a lot of anxiety,” she said. “But by using pen and paper, we kept the system functional and gave ourselves time to recover.”
Lessons for the Future: Strengthening Cyber Defenses
The Romanian response to the cyber-attack has been recognized as a model for emergency preparedness. By prioritizing pen and paper over digital systems, hospitals minimized the risk of data loss and ensured continuity of care. Cyber-experts noted that this approach allowed them to identify the ransomware’s behavior and implement countermeasures without the threat of encrypted data being held hostage. “It was a massive test of resilience,” said Mihai Rotariu, head of communications at the DNSC. “Switching to pen and paper bought us time to assess the situation and secure our systems.”
The incident also sparked discussions about the need for hybrid backup strategies in healthcare. While digital systems offer efficiency, they can become a single point of failure during an attack. As a result, many hospitals are now investing in both paper-based records and offline data storage to create a safety net. The DNSC plans to implement stricter security protocols for Hippocrates, including regular backups and multi-factor authentication. “We learned that in a crisis, having a manual system is essential,” Rotariu added. “It’s a simple but effective way to protect patients and maintain operations.”
Experts believe the Romanian example could influence global cybersecurity strategies. With ransomware attacks becoming more frequent and sophisticated, the ability to switch to analog methods in emergencies is a valuable tool. The success of pen and paper during the February 2024 attack has already inspired similar measures in other countries. “This was a turning point for healthcare cybersecurity,” said a spokesperson from the European Union Agency for Cybersecurity. “It showed that preparation and adaptability are key to overcoming digital threats.”
