Cybercriminals appear to have stolen healthcare data of more than half of Norway's population. Health South-East RHF, an organization that manages hospitals in Norway's southeast region, confirmed on its website a security breach that could have led to the theft of data on over 2.9 million Norwegians.
Health South-East RHF learned about this breach when HelseCERT, Norway's CERT division for the healthcare sector, identified suspicious traffic coming from HSERHF's networks. The investigation led to evidence of a severe data breach. "Monday, January 8, Hospital Partner HF was notified by HelseCert (Norsk Helsenett SF) that there was abnormal activity against computer systems in the region," Health South-East said in a breach notification (translated using Google) on its website. The organization has also added that the culprit is an "advanced and professional player."
"It has revealed burglaries in computer systems and the threat actor is an advanced and professional player. Hospital partners HF and Helse Sør-Øst RHF look very serious about the situation, and the burglary has been reported to the police. Both Health South-East RHF and Hospital Partner HF are in standby."
It assured that "measures have been taken to limit the damage caused by the burglary." So far there is no evidence that the data theft has had any consequences for patient safety. However, as we have seen in several data breaches, the true nature of these attacks usually comes to light only after months of investigation, and sometimes not until hackers dump that data online. Health South-East also said that "it is too early to conclude" if this will have any effects.
The firm manages healthcare units of nine of Norway's 18 counties, including Akershus (where Oslo is), Aust-Agder, Buskerud, Hedmark, Oppland, Østfold, Telemark, Vest-Agder, and Vestfold. Local reports suggest that this brings the number of affected people to over 2.9 million of the country's population of 5.2 million.
The country's law enforcement and NorCERT (National Security Authority) have been notified of the breach. "A number of measures have been implemented to remove the threat and further measures will be implemented in the future," the organization said. However, this might actually be too late, as over half of the country's citizens will have to scramble to protect their identities. The complete details of exactly what data was included in the databases remain unknown.