Cybercriminals have stolen a gigantic trove of Norway’s social insurance information in a current information rupture, which likely affects the greater part of the country’s populace.
An obscure programmer or gathering of programmers figured out how to rupture the frameworks of Health South-East Regional Health Authority (RHF) and apparently stolen individual data and wellbeing records of around 2.9 million Norwegians out of the nation’s aggregate 5.2 million tenants.
Health South-East RHA is a healthcare organisation that manages hospitals in Norway’s southeast region, including Østfold, Akershus, Oslo, Hedmark, Oppland, Buskerud, Vestfold, Telemark, Aust-Agder and Vest-Agder.
The healthcare organisation announced the data breach on Monday after it had been alerted by HelseCERT, the Norwegian CERT department for its healthcare sector, about an “abnormal activity” against computer systems in the region.
HelseCERT also said the culprits behind the data breach are “advanced and professional” hackers, although it is still unknown as to whether they were managed to exfiltrate data successfully and if so, how many people may have been impacted.
So far there’s also no evidence if the stolen data theft has had any consequences for or effects on patients’ safety.
However, the healthcare organisation assured that security “measures had been taken to limit the damage caused by the burglary.”
“We are in a phase where we try to get an overview. It’s far too early to say how big the attack is. We are working to acquire knowledge of all aspects, ” NorCERT director Kjetil Nilsen told Norwegian publication VG.
“Everything indicates that it is an advanced player who has the tools and ability to perform such an attack. It can be advanced criminals. There is a wide range of possibilities.”
Why Do Hackers Want Your Health Data?
Digital healthcare has been growing to satisfy the demands of connected healthcare technology that provides better treatment and improved patient care.
We know that any organisation with a computer is at risk from cyber-attacks both from criminals wanting to extort money and state-sponsored hackers wanting to cause chaos.
Since the healthcare sector is part of the critical national infrastructure, alongside water, electricity and transport, it becomes an attractive target for hackers.
Believe it or not, your medical records are worth more to hackers than your stolen credit card details on the dark web markets.
Financial data has a finite lifespan, but the information contained in health care records—which includes names, birth dates, policy numbers, diagnosis codes, social security number and billing information—has a much longer shelf life and is rich enough for identity theft.
Fraudsters can use this data to create fake identities to do all illegal kinds of stuff in your name, combine a patient number with a false provider number and file fake claims with insurers, and even file fake tax returns using your stolen addresses, phone numbers and employment history.