Norway is a country with 5.2 Million people, at least half of them have their data compromised, but not any data but healthcare data. A group of hackers breach the system of the Nordic country, in this operation the attackers managed to stole 2.9 Million records.

Health South-East RHA, a healthcare organisation that manages hospitals in Norway’s, announced on Monday (yes, today morning) that they got breached. The Norwegian CERT emitted an alarm that indicated the incident. This should not be an isolated event, this attack was not made by occasional hackers but it was made by professional and advanced hackers.

What kind of information were stolen: names, birth dates, insurance policies and numbers, diagnosis, social security numbers, billing information, illness, family clinic history, chronic ailment, etc.

“Since the healthcare sector is part of the critical national infrastructure, alongside water, electricity and transport, it becomes an attractive target for hackers.” – Khandelwal (@thehackernews.com) 22.01.2018

But why is this important?

In most of the financial electronic crimes like the one with One+ some days ago, financial data has a finite lifespan, (a credit card number can be changed, an bank account number can be changed) but the information related with health care records, just NO, it has a much longer shelf life and is useful for others in magnitude crime like identity theft or true name.

Another important issue that is very important but omitted, is that this breach happened on January, 8 nevertheless, it was made public on January, 22 almost 2 weeks after the attack. This means, that GDPR was violated because the affected parties were not notified immediately after the attack as it is supposed to happen.

This happens to be another breach, sadly it is just statistics. But we should remain vigilant, because these kind of incidents happen to every organization. The biggest mistake we can do is to think this is happening to big corporations or governments only, this is not exclusive, it is happening also in small business and private space. That’s why cybersecurity professionals and information security managers should always keep in mind the most current view and thread landscape.