Healthcare

In January 2018, South-East RHF announced that the PHI and records of nearly 2.9 million people(more than half of the population of Norway) had been compromised. It is suspected that a sophisticated criminal group from a foreign spy or state agency led the attack targeting both patient health data and the health service’s interaction with Norway’s armed forces. The vulnerability is thought to have come from the legacy system, Windows XP. While the organization had begun security measures to reduce the risks brought on by Windows XP along with a plan to phase it out, the attack took place before they could implement the security measures.

In February 2016, employees encountered various error messages from a ransomware attack initiated through a social-engineering tactic. In response, the hospital took servers and computer systems offline to assess and cleanse infected systems. In the meantime, staff resorted to using pen, paper, and fax machines to continue their work but needed to postpone high-risk procedures. The hospital’s spokesperson predicted it would take a few months before their workflow was back to the status quo. There was no evidence that patient data were breached.

On January 11, 2018, Hancock Regional faced a ransomware attack by the malware SamSam.The attack targeted a server in their emergency IT backup system and spread through the electronic connection between the backup site, located miles from the main campus, and the server farm at the hospital. It was later discovered that the hackers had permanently corrupted components of the backup files from many systems, except the electronic medical record backup files. Investigators found that the attack was conducted using Microsoft’s Remote Desktop Protocol as an entry point into the server and that the hackers had compromised a hardware vendor’s administrative account to initiate the attack.