{"id":224120,"date":"2024-02-13T11:59:29","date_gmt":"2024-02-13T11:59:29","guid":{"rendered":"https:\/\/bm.dev.synology.me\/?p=224120"},"modified":"2024-02-13T11:59:29","modified_gmt":"2024-02-13T11:59:29","slug":"inca-cinci-spitale-atacate-cibernetic-se-cer-peste-150-000-de-euro-rascumparare","status":"publish","type":"post","link":"https:\/\/bm.dev.synology.me\/?p=224120","title":{"rendered":"Five more hospitals hit by cyberattacks. Ransom of over 150,000 euros demanded"},"content":{"rendered":"<p>\nAccording to DNSC, these are Institutul de Fonoaudiologie \u015fi Chirurgie Func\u0163ional\u0103 ORL \u201cProf. Dr. D. Hociot\u0103\u201d, Bucure\u015fti, Sanatoriul de Pneumoftiziologie Brad, Hunedoara, Spitalul de Pneumoftiziologie Ro\u015fiorii de Vede, Spitalul Or\u0103\u015fenesc B\u0103icoi and Clinica Sante C\u0103l\u0103ra\u015fi (a private clinic).<\/p>\n<p>\n\u201cThere is a ransom demand of 3.5 BTC (approximately 157,000 euros). The attackers' message does not specify the name of a group claiming this attack, only an e-mail address. Both the Directorate and other authorities with responsibilities in the field of cybersecurity that are involved in analysing this incident recommend not contacting the attackers and not paying the ransom demanded\u201d, DNSC says.<\/p>\n<p>\nHospitals that use the HIPOCRATE platform, whether or not they were affected, received from DNSC as early as Monday a series of recommendations for handling the situation correctly, namely to identify the affected systems and immediately isolate them from the rest of the network as well as from the internet, and to keep copies of the ransom note and of any other communications from the attackers. 
This information is useful to the authorities or for later analysis of the attack. They should not shut down the affected equipment. Shutting it down will erase the evidence held in volatile memory (RAM). They should collect and keep all relevant log information from the affected equipment, as well as from network equipment and the firewall. They should examine system logs to identify the mechanism by which the IT infrastructure was compromised, immediately inform all employees and notify affected customers and business partners about the incident and its extent, and restore the affected systems from data backups after a complete clean-up of the systems has been carried out. It is absolutely necessary to make sure that backups are unaffected, up to date and secured against attacks, and to make sure that all programs, applications and operating systems are updated to the latest versions and that all known vulnerabilities are fixed.<\/p>\n<p>\nBased on the data collected by the Directorate's investigation team, DNSC said on Monday evening that it is investigating a cyberattack carried out with the Backmydata ransomware, a virus from the Phobos ransomware family, which encrypted the data on the servers of several hospitals in Romania that use the HIPOCRATE IT platform.<\/p>\n<p>\nOn Monday evening it was confirmed that 21 hospitals were affected by the attack. Spitalul de Pediatrie Pite\u015fti has been affected since Saturday, 10 February 2024. 
The other hospitals have been affected since 11-12 February 2024: Spitalul Jude\u0163ean de Urgen\u0163\u0103 Buz\u0103u, Spitalul Jude\u0163ean de Urgen\u0163\u0103 Slobozia, Spitalul Clinic Jude\u0163ean de Urgen\u0163\u0103 \u201cSf. Apostol Andrei\u201d Constan\u0163a, Spitalul Jude\u0163ean de Urgen\u0163\u0103 Pite\u015fti, Spitalul Militar de Urgen\u0163\u0103 \u201cDr. Alexandru Gafencu\u201d Constan\u0163a, Institutul de Boli Cardiovasculare Timi\u015foara, Spitalul Jude\u0163ean de Urgen\u0163\u0103 \u201cDr. Constantin Opri\u015f\u201d Baia Mare, Spitalul Municipal Sighetu Marma\u0163iei, Spitalul Jude\u0163ean de Urgen\u0163\u0103 T\u00e2rgovi\u015fte, Spitalul Clinic Col\u0163ea, Spitalul Municipal Medgidia, Institutul Clinic Fundeni, Institutul Oncologic \u201cProf. Dr. Al. Trestioreanu\u201d Bucure\u015fti (IOB), Institutul Regional de Oncologie Ia\u015fi (IRO Ia\u015fi), Spitalul de Ortopedie \u015fi Traumatologie Azuga, Spitalul or\u0103\u015fenesc B\u0103icoi, Spitalul Clinic de Urgen\u0163\u0103 Chirurgie Plastic\u0103, Reparatorie \u015fi Arsuri Bucure\u015fti, Spitalul de Boli Cronice Sf. Luca, Spitalul Clinic C.F. nr. 2 Bucure\u015fti, Centrul medical MALP SRL Moine\u015fti.<\/p>\n<p>\nAccording to DNSC data, the other 79 units in the healthcare system have been disconnected from the internet and are undergoing further investigation to establish whether or not they were targeted by the attack.<\/p>\n<p>\nMost of the affected hospitals have backups of the data on the affected servers, with data saved relatively recently (1-2-3 days ago), with the exception of one, whose data was saved 12 days ago. 
This could make it easier to restore services and data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cybersecurity incident has been confirmed at five more hospitals, but so far there is no indication of data exfiltration, Directoratul Na\u0163ional de Securitate Cibernetic\u0103 (DNSC) said on Tuesday.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[510],"tags":[56922,32726,14542],"class_list":["post-224120","post","type-post","status-publish","format-standard","hentry","category-actualitate","tag-cibernetci","tag-rascumparare","tag-spital"],"_links":{"self":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/224120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=224120"}],"version-history":[{"count":0,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/224120\/revisions"}],"wp:attachment":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=224120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=224120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=224120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}