In a striking demonstration of low-tech resilience, more than 100 hospitals across Romania repelled a sophisticated ransomware attack last week by reverting to paper-based systems. The incident, which crippled digital infrastructure in the country’s healthcare network, has prompted the UK’s National Cyber Security Centre (NCSC) to urge a major review of NHS preparedness.
At 3:15 AM local time on Tuesday, a coordinated assault targeted the Hospital Information System (HIS) used by nearly a third of Romanian medical facilities. Hackers deployed the ‘Ryuk’ variant of ransomware, encrypting patient records, scheduling databases and administrative files. Demands for Bitcoin payment were made for each compromised system.
Rather than capitulating or attempting risky decryption, staff at affected hospitals immediately switched to manual operations. Paper admission forms were dug out from storage. Handwritten prescriptions replaced digital orders. X-rays were physically transported between wards. Laboratory results were communicated verbally or via handwritten notes. The transition was completed within two hours at most facilities.
Dr. Andrei Popescu, director of the Bucharest University Emergency Hospital, described the response: ‘Our clinicians were trained for this possibility. We run drills every six months. When the screens went black, we grabbed the clipboards.’ The hospital processed 340 patients during the blackout period with zero critical incidents.
The attack lasted 72 hours. During this time, only three of the 100 affected hospitals experienced any delay in life-saving procedures. The rest maintained near-normal operations. ‘It was exhausting, but it worked,’ said nurse Maria Ionescu at the Constanta County Hospital. ‘We realised how much we depend on computers. But we also remembered we are humans who can adapt.’
Romania’s digital health infrastructure has long been considered vulnerable. A 2022 EU cybersecurity audit found that 60% of Romanian hospitals lacked basic endpoint protection. Yet the very simplicity of their systems became a strength. Many hospitals used isolated networks with minimal interoperability, making lateral movement by attackers difficult. The quick decision to unplug affected servers prevented the ransomware from spreading.
The incident has sent shockwaves through global health cybersecurity networks. Dr. Ciaran Martin, former CEO of the NCSC, stated: ‘The Romanian response is a textbook example of resilience. But it also reveals a dangerous complacency in modern healthcare. We have become so digitised that we forget the fundamental purpose of a hospital: to treat patients regardless of circumstances.’
In a statement released Thursday, the NCSC announced an urgent review of NHS contingency plans for cyber-attacks. ‘We cannot rely solely on technology to save us,’ said a spokesperson. ‘The Romanian example shows that human ingenuity and simple processes are the ultimate backup.’ The review will assess paper-based fallback protocols, staff training for manual operations, and the feasibility of air-gapped emergency systems.
This event underscores a deeper principle in complex systems: redundancy is not inefficiency. The Romanian hospitals maintained parallel capabilities that most modern facilities have discarded. Their success is a scientific demonstration of what systems theorists call ‘requisite variety’: the idea that a system’s internal complexity must match that of its environment. By preserving low-tech options, they matched the unpredictable nature of cyber threats.
Climate analogies are apt here. Like the global energy grid, which must balance renewable sources with fossil fuel baseload, healthcare IT must blend digital efficiency with analogue robustness. We do not prepare for the most likely scenario; we prepare for the survivable one.
As Romania’s hospitals now painstakingly restore their digital systems, the rest of the world watches. The pen may not be mightier than the sword, but against ransomware it just might be more effective.








