Media Reports: Massive Data Breach of Norwegian Health Authority Could Impact 3 Million Patients | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Media Reports: Massive Data Breach of Norwegian Health Authority Could Impact 3 Million Patients

January 19, 2018
by Heather Landi
| Reprints

International media outlets are reporting that a hacker or hacker group breached the systems of Norway’s Health South East EHF, potentially compromising the healthcare data of nearly 3 million patients, or about half of Norway’s population.

According to the publication The Inquirer, a UK-based technology-focused media brand, the breach was announced on Monday by the authority after it had been notified by HelseCERT, the Norwegian healthcare sector's national information security center, that there had been abnormal activity against computer systems in the region. The cyber attack took place on January 8.

“HelseCert said that data theft had taken place and that the hackers were 'advanced' and ‘professional',” according to The Inquirer article.

An article published in International Business Times today reported that the Norway’s Health South-East RHF manages hospitals in the nation’s southeast region, which comprises nine of Norway’s 18 counties. According to local press, Health South-East RHF is the largest of Norway's four healthcare regions with hospitals serving 2.9 million of the country's total of 5.2 million inhabitants.

The International Business Times article quoted a statement by Health South East RHF CEO Cathrine M. Lofthus: “This is a very serious situation, and measures have been taken to limit the damage caused by the burglary. There is close dialogue with the hospitals about this and there is so far no evidence that the burglary has had consequences for patient treatment, patient safety or patient data has been overlooked, but it is too early to conclude.”

Further, Lofthus said in the statement, “The best resources in Hospital Partners are now working together with the foremost expertise in the country to get an overview and resolve the situation.”

The IB Times article also reported that the director of Norway's ministry of healthcare, Bjørn Guldvog, deemed the data breach as serious, adding that the authorities are taking measures to ensure that any fallout caused by the breach is limited. However, Guldvog refrained from mentioning what measures had been taken to deal with the breach, the article stated.

"A number of measures have been implemented to remove the threat, and further measures will be implemented in the future," said Norway's Ministry of Health and Care in a statement.

It still remains unknown as to whether hackers were able to successfully access and exfiltrate data and if so, how many people may have been impacted by the breach.

“We are in a phase where we try to get an overview. It's far too early to say how big the attack is. We are working to acquire knowledge of all aspects,” director of the Norwegian security agency, National Security Authority (NSM), Kjetil Nilsen, told a local newspaper, according to the IB Times article.


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.