Hackers have breached the systems of Norway’s Health South East RHF (Helse Sør-Øst RHF), and possibly made off with personal information and health records of approximately 3 million Norwegians.

Health South-East is investigating an unauthorized intrusion into its IT systems which may have breached the personal data of over half the country’s population.

The country’s healthcare IT security center, HelseCert, notified IT delivery partner Sykehuspartner HF (Hospital Partner HF) of “abnormal activity” at the beginning of the month, Health South East said in a statement last week.

HelseCert said that data theft had taken place and that the hackers were ‘advanced’ and ‘professional’.

Measures have been taken to mitigate and remediate the threat, with HelseCert and national security authority NorCert leading the efforts.

Meanwhile the CEO of Health South East RHF, Cathrine M. Lofthus said that the situation was “very serious” and that measures had been taken to limit the damage caused by the hack.

She said that the potential data theft has not had any impact on patient care or patient safety, as yet, and added that staff within the health sector and government were working to resolve the situation.

The police have been notified, but as yet there are more questions than answers.

Infoblox director of Western Europe, Gary Cox, said the attack highlighted the increasing value placed on healthcare records by cyber-criminals. That’s why 85% of providers polled by the vendor in the UK and US said they’ve increased spending over the past year.

“It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organization and respond to active threats to ensure the security and safety of patients and their data,” he added.

McAfee chief scientist, Raj Samani, warned that the affected patients may now be at risk from follow-on fraud attempts.

“The cybersecurity industry needs to work together to combat the growing rate of cybercrime targeting public services by making threat intelligence sharing compulsory so that they are best equipped to defend against this threat,” he urged.

Kjetil Nilsen, director of NorCERT, the National Security Authority (NSM), which is also helping with the investigation, said that the data could have been hacked to use for cyber espionage, or perhaps used by someone who provides services based on healthcare information.

However, as the health records would also include people who work in government, secret services, military and intelligence staff, politicians and other public individuals, there are some that believe the data could be used for other purposes.

Nyvoll Nygaard, an adviser with the Norwegian Police Security Service, said that it’s possible that someone working for a foreign state intended to collect information that may harm fundamental national interests relating to the area’s infrastructure.


image: BleepingComputer