Another government database has been breached. This time, hackers gained access to the medical records of half the population of Norway.
Earlier this month, we brought you the story of the Aadhaar database breach. In that breach, the biometric information of 1 billion people was exposed to anyone willing to pay 500 rupees (less than $10 Canadian). If you thought that this would be the only major government database breach this month, you thought wrong.
According to Bleeping Computer, hackers may have gained access to the computer network of Health South East RHF. From the report:
The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website.
The organization said HelseCERT, the country’s CERT division for the healthcare sector, had identified suspicious traffic coming from Health South-East’s computer network.
An investigation by the IT staff at Sykehuspartner HF —Health South East RHF parent company— revealed evidence of a severe data breach.
The hack is already making the rounds in security circles. From SC Magazine:
Many commentators, including Raj Samani, chief scientist and Fellow at McAfee drew comparisons with the recent hack on a US hospital, with Samani noting in an email to SC Media UK that: “Unlike the ransomware attack on Hancock Regional Hospital in Greenfield (USA) earlier this week that exploited hospitals’ need to avoid disruption to services, this hack has exposed a massive amount of data that could have significant repercussions on the individuals – exposing them to fraud.”
Gary Cox, director of Western Europe at Infoblox concurred, commenting to SC Media UK: “The wealth of sensitive information held by healthcare organisations is immensely valuable to criminals and, as technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyber-attacks stealing sensitive patient data, disrupting services, and putting lives at risk.
“It’s little surprise, therefore, that 85 percent of healthcare providers have reported an increase in their cyber-security spending over the past year, with a third investing in DNS security solutions, which can actively disrupt attempts at data exfiltration.”
He adds: “It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”
Since the initial reports, authorities have entered the preliminary stages of the investigation. From Computing:
HelseCert said that data theft had taken place and that the hackers were ‘advanced’ and ‘professional’.
“We are in a phase where we try to get an overview. It’s far too early to say how big the attack is. We are working to acquire knowledge of all aspects,” Kjetil Nilsen, director of NorCERT, the National Security Authority (NSM), which is also helping with the investigation, told Norwegian publication VG.
“Everything indicates that it is an advanced player who has the tools and ability to perform such an attack. It can be advanced criminals. There is a wide range of possibilities,” he added.
Meanwhile the CEO of Health South East RHF, Cathrine M. Lofthus said that the situation was “very serious” and that measures had been taken to limit the damage caused by the hack.
She said that the potential data theft has not had any impact on patient care or patient safety, as yet, and added that staff within the health sector and government were working to resolve the situation.
The police have been notified, but as yet there are more questions than answers.
Ultimately, this looks like the second major government data breach that we’ve become aware of this month. It highlights a disturbing trend, one that rightfully has people asking whether the information a government body holds about them is safe.
We’ve asked this before over the years, but we find ourselves asking it again: is it wise to allow critical infrastructure and personal information to be reachable from the open Internet in the first place? At this point, it is looking more and more like a bad idea.
Drew Wilson on Twitter: @icecube85 and Google+.