European Hospital Cyber Attack: Ransomware Attack in Romania Sparks Healthcare Crisis

A major ransomware attack on a hospital in Bucharest has reignited concerns about cybersecurity in the healthcare sector across the European Union.

A major state-run hospital in Bucharest, Romania, was hit by a comprehensive ransomware attack in March 2026, disabling critical patient records and clinical operation systems. The attack forced the hospital to redirect patient transfers, postpone elective surgeries, and revert to manual backup procedures.

Initially, the attack was attributed to a well-known state-sponsored cyber group, but this link has yet to be confirmed with conclusive evidence. This incident occurred just weeks after the ENISA's latest threat report highlighted the European healthcare infrastructure as the most targeted sector, still lacking adequate security measures.

Key factors contributing to the healthcare sector's cybersecurity vulnerability include outdated medical devices integrated into operational systems, limited IT security budgets provided by hospitals, and the difficulty of conducting regular security drills without disrupting real-time maintenance systems. The EU's NIS2 Directive includes hospitals as basic service operators in the healthcare sector; under this directive, hospitals are required to report incidents and meet minimum security requirements.

However, the consistency of this application is limited in Romania's healthcare system as a whole. The incident is being jointly investigated by Romania's cybersecurity authority, DNSC, and the EU's CERT networks.