It’s being reported that a hacker or hacker group might have stolen healthcare data for more than half of Norway’s population, according to reports in local press. The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website. IT security experts commented below.
Gary Cox, Director of Western Europe at Infoblox:
The wealth of sensitive information held by healthcare organisations is immensely valuable to criminals and, as technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyberattacks stealing sensitive patient data, disrupting services, and putting lives at risk.
It’s little surprise, therefore, that 85 percent of healthcare providers have reported an increase in their cybersecurity spending over the past year, with a third investing in DNS security solutions, which can actively disrupt attempts at data exfiltration.
It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”
Raj Samani, Chief Scientist and Fellow at McAfee:
However, despite how it seems the criminals behind these attacks are not invincible. The cybersecurity industry needs to work together to combat the growing rate of cybercrime targeting public services by making threat intelligence sharing compulsory so that they are best equipped to defend against this threat. Once this is in place every attack will lead us a step closer to finding those responsible.”
Paul Farrington, Manager EMEA Solution Architects at CA Veracode:
“With the vast amount of sensitive data that it holds, the healthcare industry is a prime target for cyberattacks. While we’ve seen a shift recently towards targeting hospitals with ransomware to disrupt services, this case shows that the data itself is still of value to cybercriminals.
Despite the number of high profile cyberattacks on healthcare organisations of the last 12 months, results from the State of Software Security report exemplified the clear investments that many healthcare organisations are taking to secure their digital assets. For example, the pass rate for applications from healthcare organisations against OWASP, which lists the most critical vulnerabilities categories in web applications, rose to 30 percent of applications, up from 27.6 the previous year.
However, it is crucial that healthcare organisations continue to invest in their cybersecurity defences. This is the second high profile attack on healthcare organisations of the week, following the ransomware attack on Hancock Regional Hospital in Indiana, making it clear that the healthcare industry is a prominent target. With the clocks ticking on GDPR, a breach like this in the private sector will have severe financial implications for a firm.”
Andy Norton, Director of Threat Intelligence at Lastline: