Massive Breach: 3m Healthcare Records Compromised

Hackers have reportedly breached the systems of Norway's Health South East RHF regional administration, with nearly three million patients' data potentially compromised as a result.

The breach was announced by the authority, after it had been notified by HelseCERT, the Norwegian healthcare sector's national information security centre, that there had been abnormal activity against computer systems in the region.
HelseCert said that data theft had taken place and that the hackers were ‘advanced' and ‘professional'.

"We are in a phase where we try to get an overview. It's far too early to say how big the attack is. We are working to acquire knowledge of all aspects, " Kjetil Nilsen, director of NorCERT, the National Security Authority (NSM), which is also helping with the investigation, told Norwegian publication VG. "Everything indicates that it is an advanced player who has the tools and ability to perform such an attack. It can be advanced criminals. There is a wide range of possibilities," he added.

Meanwhile the CEO of Health South East RHF, Cathrine M. Lofthus said that the situation was "very serious" and that measures had been taken to limit the damage caused by the hack.

She said that the potential data theft has not had any impact on patient care or patient safety, as yet, and added that staff within the health sector and government were working to resolve the situation. The police have been notified, but as yet there are more questions than answers.

Nilsen said that the data could have been hacked to use for cyber espionage, or perhaps it is likely to be used by someone who provides services based on healthcare information.

However, as the health records would also include people who work in government, secret services, military and intelligence staff, politicians and other public individuals, there are some that believe the data could be used for other purposes.
Nyvoll Nygaard, an adviser with the Norwegian Police Security Service, said that it's possible that someone working for a foreign state intended to collect information that may harm fundamental national interests relating to the area's infrastructure.

Computing

You Might Also Read: 

Healthcare Suffers Most Cyber Security Incidents:

Essentials: A Cybersecurity Strategy For Healthcare:

« The Big Online Advertising Swindle
Twitter Reveals True Extent Of Russian US Election Posts »

Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

SurfWatch Labs

SurfWatch Labs

SurfWatch Labs delivers cyber risk intelligence solutions that help organizations understand the potential for cyber-attacks, determine the impact to their business and proactively address threats.

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

Ground Labs

Ground Labs

Ground Labs is a security software company dedicated to making sensitive data discovery products that help organisations prevent sensitive data loss.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Invest Ottawa

Invest Ottawa

The IO Accelerator Program is designed to rapidly and systematically accelerate the development and commercial success of high growth technology firms.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.