Cyber criminals stole a huge amount of Norway’s healthcare data in a breach that took place in January 2018 and likely collected data on more than half of the nation’s population.
An unknown group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stole personal information and health records of around 2.9 million Norwegians out of the country’s 5.2 million inhabitants.
The incident, which took place on January 8, was announced on January 21, 2018 by the healthcare organisation after it was alerted by HelseCERT, the Norwegian CERT (Computer Emergency Response Team) department, about unusual behavior against the computer systems in its area.
“Various measures have been executed to evacuate the risk, and further estimates will be actualized later on for the equivalent,” said Norway’s Ministry of Health and Care in a meeting.
What security measures should have been in place to prevent such breaches?
A private company, or any company using third-party code or a payment gateway on its website, should have deep endpoint security. To protect your network and databases from these security breaches, you must use reliable services and security policies.
Basic security steps include:
1) Testing application security:
Web and mobile applications are the main entry points for intruders. Application security testing should be a standard security measure that all enterprises use to ensure business continuity.
Write privacy policies and share them with all employees. Explain to them that they are responsible for protecting confidential information.
3) Control Use of Computers:
Restrict employee use of computers to business purposes. Consider blocking access to peer-to-peer file-sharing websites, inappropriate websites and unapproved software.
How can healthcare organizations become proactive to avoid such breaches?
Organizations should carefully analyze public health systems. This can be done with the help of an expert from a third country to effectively improve prevention, investigation and response mechanisms. A holistic approach to integrated cyber security services should be adopted. At the same time, they need to focus on the three main pillars of cyber security, i.e., People, Process and Technology.
Organizations have explicit data security compliance obligations that cannot be overlooked. Complying with industry standards and security regulations such as ISO 27001 and HIPAA is crucial for business. Failure to comply with information security standards may lead to criminal prosecution and numerous fines and civil penalties.
Companies must also create robust cyber security policies, information system controls, and organizational and personnel capabilities. You can get advice about all public and private health facilities, the latest precautions for cyber security, and the actions that need to be taken.
Security attack simulation and awareness tools like ThreatCop can reduce an organization's overall risk from the people point of view. This tool helps companies get measurable results, increasing cyber resilience by strengthening the weakest employees.
Medical records are often focused on important patient data. Many businesses and governments in South-East Asia face cyber threats, and few are aware of the risks. The Norwegian attack serves as a warning that health services are a target for hackers around the world.
-by Himanshu Chaudhary