Norway flag

A hacker or hacker group might have stolen healthcare data for more than half of Norway's population, according to reports in local press.

The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway's southeast region, announced a security breach on its website.

The organization said HelseCERT, the country's CERT division for the healthcare sector, had identified suspicious traffic coming from Health South-East's computer network.

An investigation by the IT staff at Sykehuspartner HF —Health South East RHF parent company— revealed evidence of a severe data breach.

"An advanced and professional player"

"This is a serious situation and measures have been taken to limit the damage caused by the incident," said Health South East RHF and Sykehuspartner HF in a joint statement.

Health South-East RHF characterized the attacker as "an advanced and professional player."

Law enforcement has been notified, as well as NorCERT, the country's CERT team.

Over 2.9 million users potentially affected

Health South-East RHF manages healthcare units in nine of Norway's 18 counties. The list includes the counties of Akershus (includes Norway's capital Oslo), Aust-Agder, Buskerud, Hedmark, Oppland, Østfold, Telemark, Vest-Agder, and Vestfold.

According to local press [1, 2], Health South-East RHF is the largest of Norway's four healthcare regions with hospitals serving 2.9 million of the country's total of 5.2 million inhabitants.

"A number of measures have been implemented to remove the threat, and further measures will be implemented in the future," said Norway's Ministry of Health and Care in a statement.

Authorities are still investigating the incident to determine the size of the breach, but local press fears the "suspicious traffic" HelseCERT detected was the hacker siphoning off patient data.

HPE's computer systems ruled out as source of the hack

In the autumn of 2016, Health South-East RHF signed a contract with Hewlett Packard Enterprise to modernize its computer systems, but the contract was dropped after local press disclosed poor security controls when accessing patient healthcare information.

"We do not see any connection between this attack and that project," Cathrine Lofthus, CEO of Health South-East RHF told a Norwegian newspaper.

Norwegian security researchers have also been very critical of Health South-East RHF whose top managers have been telling users to relax as their data was safe even before finishing the investigation into the hack. Many fear the hack is much worse than the organization is letting believe.

The leak, if confirmed, is still nowhere near to what happened in Sweden, where a government contractor leaked the personal details of all the country's citizens. The person responsible was fined only a half a month's paycheck.

Related Articles:

Weight Watchers IT Infrastructure Exposed via No-Password Kubernetes Server

Data of Over 200 Million Japanese Sold on Underground Hacking Forum

Police Drop Charges Against Canadian Teen Who Downloaded FOIA Documents

Exposed MongoDB Server Exposes Details of Cryptocurrency Users

Thousands of Apps Leak Sensitive Data via Misconfigured Firebase Backends