[BreachExchange] Norwegian health authority hacked, patient data of nearly 3 million citizens possibly compromised

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 18 18:16:55 EST 2018


Hackers have breached the systems of the Southern and Eastern Norway
Regional Health Authority (Helse Sør-Øst RHF), and possibly made off with
personal information and health records of some 2.9 million Norwegians.

What’s known about the breach

The breach was announced on Monday by the authority.

The first to notice that something was amiss was HelseCERT, the Norwegian
healthcare sector’s national information security center, which detects
unwanted events and traffic and reports them to affected actors. HelseCERT
notified Hospital Partner HF, the company responsible for all ICT
operations in Helse Sør-Øst RHF.

Cathrine M. Lofthus, the CEO of the Southern and Eastern Norway Regional
Health Authority, said that measures have been taken to limit the damage
caused by the breach, but that it hasn’t affected patient treatment or
patient safety.

“The event is handled according to established emergency preparedness
routines and in collaboration with HelseCERT (Norwegian Helsenett SF) and
NorCERT (National Security Authority) as well as other expertise. A number
of measures have been implemented to remove the threat and further measures
will be implemented in the future,” the authority said.

Norway’s police, military intelligence and its National Security Authority
are investigating the breach, but it’s still unknown if the attackers
managed to access and exfiltrate patient data.

“Due to pending investigations, there is not much information available
about the breach itself. Still, it is said to involve a serious foreign
actor, with speculations pointing to a state actor,” Kai Roer, CEO at
Norwegian security culture company CLTRe, told Help Net Security.

Helse Sør-Øst RHF says that “the threat actor is an advanced and
professional player.”


Norwegian public health care is divided into several regions, and the
Southern and Eastern Norway Regional Health Authority covers the counties
of Akershus, Aust-Agder, Buskerud, Hedmark, Oppland, Telemark, Vest-Agder,
Vestfold, Østfold, and Oslo (the country’s capital).

Health records found here will most probably include those of government and
secret police employees, military and intelligence staff, politicians and
other public individuals.

Nyvoll Nygaard, an adviser with the Norwegian Police Security Service, said
that it’s possible that someone working for a foreign state aimed to
collect information that may harm fundamental national interests relating
to the community infrastructure.

But it could just as easily turn out that the attackers were merely after
data they can sell on to the highest bidder.

“The healthcare sector is known to be a target for hackers, and the
healthcare sector in Norway is no exception. 2,8 m patient records lost is
equal to half of Norway’s total population, and as such must be considered
a major breach,” Roer noted.