Health South-East manages hospitals across Norway’s most populous region

A joint investigation has been opened into a cyber-attack that took place against Norwegian healthcare association Helse Sør-Øst (Health South-East), authorities have announced.

Earlier this month, Health South-East, which manages hospitals across Norway’s most populous region, received reports of “abnormal activity” from the nation’s healthcare information security center, HelseCert.

Following its investigation into a potential breach, the organization confirmed on January 15 that an “advanced and professional player” had extracted data from its systems.

As Norway’s largest healthcare organization, Health South-East operates in a catchment area of 2.9 million people – more than half the country’s population – including those living in the Greater Oslo region.

A cooperative effort between Health South-East, HelseCert, and the national security authority, NorCert, is now attempting to determine the scale of the hack.

“This is a very serious situation, and measures have been taken to limit the damage caused by the [theft],” said Health South-East CEO, Cathrine Lofthus.

“There is close dialogue with the hospitals about this, and there is so far no evidence that the burglary has had consequences for patient treatment, patient safety, or patient data… but it is too early to conclude.”

Regulations introduced by the Norwegian Data Protection Authority in 2016 made it mandatory for companies to notify individuals whose personal data has been disclosed without their consent.