International media outlets are reporting that a hacker or hacker group breached the systems of Norway’s Health South East EHF, potentially compromising the healthcare data of nearly 3 million patients, or about half of Norway’s population.
According to the publication The Inquirer, a UK-based technology-focused media brand, the breach was announced on Monday by the authority after it had been notified by HelseCERT, the Norwegian healthcare sector's national information security center, that there had been abnormal activity against computer systems in the region. The cyber attack took place on January 8.
“HelseCert said that data theft had taken place and that the hackers were 'advanced' and ‘professional',” according to The Inquirer article.
An article published in International Business Times today reported that the Norway’s Health South-East RHF manages hospitals in the nation’s southeast region, which comprises nine of Norway’s 18 counties. According to local press, Health South-East RHF is the largest of Norway's four healthcare regions with hospitals serving 2.9 million of the country's total of 5.2 million inhabitants.
The International Business Times article quoted a statement by Health South East RHF CEO Cathrine M. Lofthus: “This is a very serious situation, and measures have been taken to limit the damage caused by the burglary. There is close dialogue with the hospitals about this and there is so far no evidence that the burglary has had consequences for patient treatment, patient safety or patient data has been overlooked, but it is too early to conclude.”
Further, Lofthus said in the statement, “The best resources in Hospital Partners are now working together with the foremost expertise in the country to get an overview and resolve the situation.”
The IB Times article also reported that the director of Norway's ministry of healthcare, Bjørn Guldvog, deemed the data breach as serious, adding that the authorities are taking measures to ensure that any fallout caused by the breach is limited. However, Guldvog refrained from mentioning what measures had been taken to deal with the breach, the article stated.
"A number of measures have been implemented to remove the threat, and further measures will be implemented in the future," said Norway's Ministry of Health and Care in a statement.
It still remains unknown as to whether hackers were able to successfully access and exfiltrate data and if so, how many people may have been impacted by the breach.
“We are in a phase where we try to get an overview. It's far too early to say how big the attack is. We are working to acquire knowledge of all aspects,” director of the Norwegian security agency, National Security Authority (NSM), Kjetil Nilsen, told a local newspaper, according to the IB Times article.
