Hackers have breached the systems of the Southern and Eastern Norway Regional Health Authority (Helse Sør-Øst RHF), and possibly made off with personal information and health records of some 2.9 million Norwegians.
What’s known about the breach
The breach was announced on Monday by the authority.
The first to notice that something was amiss was HelseCERT, the Norwegian healthcare sector’s national information security center, which detects unwanted events and traffic and reports them to affected actors. HelseCERT notified Hospital Partner HF, the company responsible for all ICT operations in Helse Sør-Øst RHF.
Cathrine M. Lofthus, the CEO of the Southern and Eastern Norway Regional Health Authority, said that measures have been taken to limit the damage caused by the breach, but that it hasn’t affected patient treatment or patient safety.
“The event is handled according to established emergency preparedness routines and in collaboration with HelseCERT (Norwegian Helsenett SF) and NorCERT (National Security Authority) as well as other expertise. A number of measures have been implemented to remove the threat and further measures will be implemented in the future,” the authority said.
Norway’s police, military intelligence and its National Security Authority are investigating the breach, but it’s still unknown if the attackers managed to access and exfiltrate patient data.
“Due to pending investigations, there is not much information available about the breach itself. Still, it is said to involve a serious foreign actor, with speculations pointing to a state actor,” Kai Roer, CEO at Norwegian security culture company CLTRe, told Help Net Security.
Helse Sør-Øst RHF says that “the threat actor is an advanced and professional player.”
Norwegian public health care is divided into several regions, and the Southern and Eastern Norway Regional Health Authority covers the counties of Akershus, Aust-Agder, Buskerud, Hedmark, Oppland, Telemark, Vest-Agder, Vestfold, Østfold, and Oslo (the country’s capital).
Health records found here will most probably include that of government and secret police employees, military and intelligence staff, politicians and other public individuals.
Nyvoll Nygaard, an adviser with the Norwegian Police Security Service, said that it’s possible that someone working for a foreign state aimed to collect information that may harm fundamental national interests relating to the community infrastructure.
But, it could just as easily turn out that the attackers were merely after data they can sell on to the highest bidder.
“The healthcare sector is known to be a target for hackers, and the healthcare sector in Norway is no exception. 2,8 m patient records lost is equal to half of Norway’s total population, and as such must be considered a major breach,” Roer noted.