Contents:
SmiNet, the country’s infectious diseases database which is also used to store electronic reports with statistics on COVID-19 infections, was shut down in order to investigate the hacking attempts.
The Swedish Public Health Agency has discovered that there have been several attempted intrusions into the SmiNet database. The database has therefore been closed down temporarily.
Work is underway to investigate as quickly as possible whether anyone may have accessed sensitive personal data from the database, as well as sort out and rectify any deficiencies.
Because of the attack, the Swedish Public Health Agency was not able to report complete COVID-19 stats since the database shut down, and while the investigation is ongoing, no additional updates will be issued as well.
Nästa uppdatering av covid-19-statistik blir på torsdag den 3 juni 2021 https://t.co/iky5uBb4de
— Folkhälsomyndigheten (@Folkhalsomynd) May 31, 2021
Translated the tweet will read:
Even if so far no evidence of unauthorized parties accessing sensitive information was found, the investigation will last at least a few more days until the reporting process will be restarted.
The SmiNet database, which stores electronic reports of infectious diseases, including covid-19, was previously closed for security reasons after several intrusion attempts. After adjustments to further increase security, the database has been running again since the evening of 28 May.
More time is needed to ensure that the statistics are complete so that a reliable assessment of the epidemiological situation can be made. Therefore, the next update of the statistics on cases of covid-19 will be on Thursday, June 3. Data from care providers and laboratories are then estimated to have been reported and analyzed.
The investigation into unauthorized access to sensitive information is still ongoing.
The incident has been reported to the Police and to the Privacy Protection Authority.
This is not the first event of this kind, as two years ago the 1177 Swedish Healthcare Guide service for health care information was affected by a data breach after the company in charge of managing its storage server exposed it to public access on the internet.
Back then the losses were great, as millions of healthcare call recordings dating back to 2013 were stored on the misconfigured server, exposing callers’ personal information shared for roughly 170,000 hours left on view.
In the past two years, European healthcare has been under attack, with the Irish Department of Health (DoH) and the publicly funded healthcare system HSE (Health Service Executive) were breached by Conti ransomware operators.
Heimdal® Network DNS Security
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
According to the Federal Bureau of Investigation, the Conti ransomware gang has also attempted to breach the networks of more than a dozen US first aid and health care organizations.