Norway data breach

Just days after the news broke about Meltdown and Spectre, the latest data breach story involves Norway’s Health South East RHF and the 3 million patients affected by it. This attack was carried out on January 8th and was confirmed on January 18th. (You can see Health South East RHF’s original post, in Norwegian, here.)

Health South East RHF manages the healthcare of nine out of the eighteen counties in Norway, which makes it one of Norway’s most important healthcare firms.

Health South East RHF is still investigating the reason behind this massive data leak. In the wake of this serious threat, it has implemented new security measures to reduce the impact.  

Security has never been more important 

Norway’s recent data breach should act as a warning for your enterprise. If the prospect of a data breach worries you, it’s time to bump your IT security up a notch.  

We at ManageEngine suggest the following best practices to provide your enterprise with the highest possible level of security: 

  1. Make automated patch management a mandatory process in your enterprise.
  2. Employ several data protection officers in accordance to the GDPR.
  3. Ensure that your product, network, and mobile devices are completely safe from vulnerabilities or malware. As an example, employing a SIEM solution and an endpoint management solution can reduce the impact of a breach to a reasonable extent.
  4. Prevent unverified applications from being downloaded on both mobile devices and computers.
  5. Provide privileges to a limited set of individuals.
  6. Track all logs and events related to personal data.
  7. Create an incident response team that is well trained in mitigating attacks within 72 hours.  

Norway’s data leak in relation to the GDPR 

Although Norway isn’t in the EU, it is a member of the European Economic Area (EEA), which is subject to the GDPR. If this same data breach had occurred after May 25, 2018, not only would Health South East RHF have a hefty fine to pay, but they’d be busy taking care of other losses as well, which is difficult for any enterprise to navigate out of.  

Keeping this in mind, Spectre still remains unfixed and can be exploited to breach your enterprise network. Considering the importance of personal data and unforeseen vulnerability exploitation, ManageEngine has published an e-book explaining how can you secure personal data stored on your enterprise’s computers and mobile devices.    

Download ManageEngine’s Desktop Central to secure personal data across all your endpoints and become that much closer to GDPR compliance.