This post was originally published on this site is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to

Norway flag

A hacker or hacker group might have stolen healthcare data for more than half of Norway’s population, according to reports in local press.

The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website.

The organization said HelseCERT, the country’s CERT division for the healthcare sector, had identified suspicious traffic coming from Health South-East’s computer network.

An investigation by the IT staff at Sykehuspartner HF —Health South East RHF parent company— revealed evidence of a severe data breach.

“An advanced and professional player”

“This is a serious situation and measures have been taken to limit the damage caused by the incident,” said Health South East RHF and Sykehuspartner HF in a joint statement.

Health South-East RHF characterized the attacker as “an advanced and professional player.”

Law enforcement has been notified, as well as NorCERT, the country’s CERT team.

Over 2.9 million users potentially affected

Health South-East RHF manages healthcare units in nine of Norway’s 18 counties. The list includes the counties of Akershus (includes Norway’s capital Oslo), Aust-Agder, Buskerud, Hedmark, Oppland, Østfold, Telemark, Vest-Agder, and Vestfold.

According to local press [1, 2], Health South-East RHF is the largest of Norway’s four healthcare regions with hospitals serving 2.9 million of the country’s total of 5.2 million inhabitants.

“A number of measures have been implemented to remove the threat, and further measures will be implemented in the future,” said Norway’s Ministry of Health and Care in a statement.

Authorities are still investigating the incident to determine the size of the breach, but local press fears the “suspicious traffic” HelseCERT detected was the hacker siphoning off patient data.

HPE’s computer systems ruled out as source of the hack

In the autumn of 2016, Health South-East RHF signed a contract with Hewlett Packard Enterprise to modernize its computer systems, but the contract was dropped after local press disclosed poor security controls when accessing patient healthcare information.

“We do not see any connection between this attack and that project,” Cathrine Lofthus, CEO of Health South-East RHF told a Norwegian newspaper.

Norwegian security researchers have also been very critical of Health South-East RHF whose top managers have been telling users to relax as their data was safe even before finishing the investigation into the hack. Many fear the hack is much worse than the organization is letting believe.

The leak, if confirmed, is still nowhere near to what happened in Sweden, where a government contractor leaked the personal details of all the country’s citizens. The person responsible was fined only a half a month’s paycheck.

At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.

Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group,