Breach at Norway’s largest healthcare authority was a disaster waiting to happen

More details have emerged on the data breach at Norway’s largest healthcare authority, in which up to 3 million people may have had their data stolen.

The attack on Helse Sør-Øst RHF (Health South-East) appears to have focused on patient records and the health service’s relationship with Norway’s armed forces. AldriMer reported that the criminal hackers were looking for information related to Trident Juncture 18, a major NATO exercise taking place in Norway in October 2018.

The combination of patients’ healthcare data and sensitive military data made Health South-East a prime target for an attack. The authority’s lax security has also been made public, with VG reporting in June 2017 that about 1,200 of Health South-East’s computers were still running on Windows XP.

Microsoft stopped providing updates and support for Windows XP in 2014, meaning any organisation still using it is vulnerable to exploits for which no patch will ever be issued. The legacy system was initially thought to be responsible for the rampant spread of last year’s WannaCry attack. Even though this turned out to be largely untrue (computers running on XP tended to crash before the ransomware was installed), there is still a massive risk in using legacy systems.

Christian Jacobsen, chief information security officer at third-party organisation Sykehuspartner HF (Hospital Partner), acknowledged that the widespread use of Windows XP was a security risk, but claimed that control mechanisms had been put in place to reduce risk.

He added that the organisation aimed to phase out Windows XP. It’s not known how many computers were still running on XP at the time of the attack.

The threat to healthcare

Commenting on the incident, Gary Cox, director of Western Europe at Infoblox, told SC Media: “The wealth of sensitive information held by healthcare organisations is immensely valuable to criminals and, as technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyber-attacks stealing sensitive patient data, disrupting services, and putting lives at risk.”

He added: “It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”

Paul Farrington, manager at CA Technologies, said: “[I]t is crucial that healthcare organisations continue to invest in their cyber-security defences. This is the second [recent] high profile attack on healthcare organisations […], following the ransomware attack on Hancock Regional Hospital in Indiana, making it clear that the healthcare industry is a prominent target.”

Keeping your organisation secure

Targeted cyber attacks are just one way your organisation can be breached. You also need to protect against phishing, ransomware, malicious insiders, accidental disclosures and a host of other threats.

To be able to respond to and recover from a cyber incident, it’s essential that you implement an effective business continuity management system (BCMS).

A BCMS is a comprehensive approach to organisational resilience. It helps organisations update, control and deploy effective plans, taking into account organisational contingencies and capabilities, as well as business needs.

With a BCMS, you can cope with any incident affecting your business-critical processes and activities, from the failure of a single server to the complete loss of a major facility. Starting the implementation process can seem intimidating, especially if you have little knowledge of the system, so we’ve provided some advice in our free green paper: Business Continuity Management – the nine-step approach.

This green paper explains:

  • How you can implement a BCMS;
  • What you need to consider at each step of the process;
  • How to measure, monitor and review your BCMS;
  • The roles your staff will play; and
  • How you can conduct a business impact analysis.
