Romanian hospitals went offline for four days after hackers forced the pen-and-paper scramble
A national cyber-attack hit dozens of hospitals for 4 days, and pen and paper became the fastest way to keep care moving.
In Romania, dozens of hospitals went offline for four days during a national cyber-attack while cyber-experts worked to defeat the hackers. For healthcare leaders and boards, the episode shows how continuity plans can collapse without simple, analog fallback systems.
For four days, dozens of Romanian hospitals went offline as cyber-experts sought to defeat the hackers. In an era where most hospital operations run on connected systems, that kind of interruption is not a minor IT incident. It is a live continuity crisis: care pathways stall, scheduling breaks, clinicians lose access to records, and every minute becomes a risk management problem.
The striking part is what followed the outage. The approach described in the story centers on hospitals switching to pen and paper to keep working while the attack was being fought. That is the core lesson decision-makers should underline immediately: when the digital system is the battlefield, the fallback cannot be another “maybe later” patch. It has to be usable on the ground, under pressure, by people who are already overwhelmed.
Why would hospitals even have a pen-and-paper option in the first place? Because healthcare is one of the most unforgiving environments for downtime. Hospitals have mission-critical workflows, lots of regulated documentation, and high dependency on systems that coordinate everything from patient data to internal communication. In many organizations, those systems are interlinked. When a national cyber-attack hits at scale, the blast radius can be broader than a single facility. That is exactly what the Romanian case highlights: dozens of hospitals were affected, which suggests the issue was not just a local network misconfiguration. It was big enough to force an across-the-board operational pivot.
From a boardroom perspective, this is a continuity planning stress test. Most organizations have business continuity and disaster recovery plans, and many will mention backups, redundancy, and response teams. But the uncomfortable question is whether those plans assume IT will cooperate. In a cyber-attack, IT may be the target, the entry point, or both. The “pen and paper” move is effectively a refusal to wait for certainty that systems will return in time. It is also a reminder that operational resilience is not just about architecture diagrams. It is about whether the organization can run essential processes when the network is dark.
This also puts governance and incentives under a harsh light. Healthcare leaders often have to balance efficiency with risk. Digital systems can reduce friction and improve traceability, which is attractive to regulators, payers, and internal performance metrics. However, the same systems increase the surface area for cyber risk. When a national attack causes hospitals to go offline for four days, it exposes what happens when the efficiency gains meet adversarial reality. Boards that focus only on uptime metrics can miss the deeper question: what is the organization’s manual operational capacity, and can it be deployed quickly across many sites?
Regulatory expectations in healthcare typically push organizations to maintain records and protect patient information. Those obligations can complicate incident response. Yet the Romanian hospitals’ experience suggests a practical priority ordering under attack: maintain care continuity even if the documentation workflow changes temporarily. In other words, “staying operational” becomes a first-order goal while specialists work to defeat the hackers. That aligns with how incident response usually plays out in high-stakes sectors: contain the threat, restore critical operations safely, and document what happened so the response can be improved.
Second-order implications follow fast. If dozens of hospitals go offline, the knock-on effects include staff fatigue, delayed admissions, backlog of tests, and potential downstream impact on clinical outcomes. Even when cyber-experts are working to defeat the hackers, the hospital still has to function moment by moment. That is why analog workarounds matter beyond “emergency mode.” They can also be used to bridge the gap between digital recovery and the re-establishment of trusted systems. Executives should think of pen and paper not as a retro stunt, but as a temporary operating system.
For peers facing similar cyber exposure, the strategic stake is simple: resilience is measured in days, not in incident headlines. The Romanian episode lasted four days, and the hospitals responded by switching away from digital operations to pen and paper while specialists battled the attackers. That is a blueprint for what to demand from continuity planning now: a rapid, credible path to manual operations at scale, and the governance to fund and test it before the next national-scale event.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology
RoboCare gets a six-figure investment from 216 Capital on June 23, 2026
The Tunisian precision-agtech startup uses satellite, drone, IoT, and AI to expand into Africa and the Middle East.
Prime Day drops $240 off Roborock Saros 20 to $1,359.99
A $240 markdown turns Roborock's robovac and mop hybrid into a hands-off home upgrade, with performance details that matter.
Oracle cut 21,000 jobs in a year as AI pushed its workforce down
A SEC filing ties the 12.9% reduction to AI adoption, while Oracle keeps funding debt-fueled data center buildout.