Massive ransomware attack on hospital in Szczecin: Facility switches to paper-based operations

The Independent Public Regional Polyclinic Hospital in Szczecin has fallen victim to a massive ransomware attack, which paralyzed the facility's IT systems. The incident occurred on the night of March 7-8, 2026, when unknown perpetrators managed to encrypt key databases and block access to the digital infrastructure. The effects of the attack forced medical staff to immediately switch to a traditional, paper-based documentation flow, significantly slowing down the work of all departments. The hospital's management confirmed the situation is serious and requires extraordinary security measures. The current priority is to ensure continuity of care for patients in the hospital despite the lack of access to electronic health records. Technical services have been trying to assess the scale of damage to the operating systems since the breach was detected.

The cyberattack forced the hospital management to make difficult decisions regarding the availability of some medical services for residents of the region. Some planned admissions have been suspended, and selected surgical procedures that did not require immediate life-saving intervention have been postponed. Patients arriving at the facility must expect longer waiting times for assistance and the need to manually fill out medical forms. Despite these difficulties, the hospital assures that emergency medical services and acute care units are functioning without interruption in emergency mode. Hospital IT staff, supported by external cybersecurity experts, are conducting intensive efforts to safely restore server functionality. This process is time-consuming, however, due to the need to thoroughly check whether any active elements of malicious code remain in the systems.

The incident was immediately reported to the Central Bureau for Combating Cybercrime (CBZC) and other relevant state services responsible for the country's IT security. The management of the Szczecin hospital also issued a special appeal to all patients, asking them to be particularly vigilant in the coming period. There is a real risk that the attack may have led to a breach of confidentiality of personal data and sensitive medical information. It is recommended to monitor any unusual contact attempts or suspicious operations that could suggest the use of stolen data. Experts emphasize that attacks on critical infrastructure, such as hospitals, are becoming an increasingly common challenge for healthcare systems worldwide. Ransomware attacks on medical facilities have become a global plague in the last decade, paralyzing hospitals from the United States to Western Europe. Similar incidents have occurred in Poland in the past, including at the Institute - Polish Mother's Health Center in Łódź, which always resulted in multi-day disruptions. Experts point out that the medical sector is particularly vulnerable due to the critical importance of continuous access to data for human life. Successfully recovering systems without paying a ransom typically requires having up-to-date and isolated backups.

Timeline of the incident at the Szczecin hospital: March 7, night — Attack begins; March 8, morning — Paralysis detected; March 9 — Authorities notified; March 10 — Appeal to patients