Helse Nord claims that no unauthorized person has received the information.

– I am shocked that we have not found out anything about it.

That's what the union representative for the senior doctors at Finnmarkssykehuset, Christel Eriksen, says. It was news that informed Eriksen that the personal data of all employees at Helse Nord had been exposed. In addition, there was information about all former employees. This happened during a week in February. The same applied to information about a number of patients.

The discrepancy was first discovered by the National Audit Office. Finnmarkssykehuset later received an order from the Norwegian Data Protection Authority to review the data stores. All personal information had to be secured.

[Image caption: The notice of deviation states that Finnmarkssykehuset HF will not inform those affected. Photo: Allan Klo / news]

According to the notice of non-conformity that the health authority in Finnmark has sent to the Norwegian Data Protection Authority, so many people were affected that they could not be counted. The notice states that no one has been inside and copied the personal information.

The hospitals in Nordland, Troms, Finnmark and Svalbard come under Helse Nord.

Was not informed

Union representative Eriksen is worried that Helse Nord has not informed the employees and patients about this.

[Image caption: Christel Eriksen believes that Helse Nord should inform those affected. Photo: Bethel Britto / news]

– It feels quite unsafe, and my trust in Helse Nord is weakening, she says.

Eriksen is very concerned because Helse Nord has not mapped the extent of this.

– It can weaken trust when we do not get information about what has happened and what has been done.

Fear of threat actors

news found out about the case through a notice of deviation that Finnmarkssykehuset had sent to the Norwegian Data Protection Authority. In the notice, Finnmarkssykehuset demands that the non-conformity report not be made public.
“We point out that the notice of deviation contains information that exposes vulnerabilities in our infrastructure and other information that can be exploited by threat actors.”

[Image caption: The University Hospital of Northern Norway in Tromsø. Photo: Sofie Retterstøl Olaisen / Sofie Retterstøl Olaisen]

The health association believes that the information should not be known until the audit has been completed and considered in the Storting.

Consequences

In the message sent to the Norwegian Data Protection Authority, two different consequences are mentioned: It can be unpleasant for people if someone without the right has access to their personal data. If a malicious actor had gained access, this could have affected the working conditions at the hospitals. Employers could lose access to very important information about their employees.

This is stated in the deviation notices from Finnmarkssykehuset:

“The deviation concerns traffic between services, in order to be able to access this information you must have a high level of technical expertise and be on the inside of the infrastructure. The probability that the information is astray is very low.”

“As we see it, there are two different consequence scenarios: For the breach of confidentiality, it is the discomfort for the affected persons that someone without official need has had access to their personal data. For the breach of integrity, it is possible that all the data could have been lost, if there had been a malicious actor who had gained access. It is difficult to see the consequences of such a scenario, but it could affect the employee in the employment relationship by the employer losing access to important or essential data about its employees.”

In a follow-up notice of non-conformity later, it was said, among other things:

“There is a large number of people affected. According to what we have uncovered, all current and former employees of Helse Nord are affected.
It is also all patients in Helse Nord, who have carried out certain types of examinations.”

“Finnmarkssykehuset HF will not inform affected registered users. In our assessment, there is not a high risk to their rights and freedoms.”

“The breach is a pure breach of confidentiality, and the information cannot be considered to have gone astray in the sense that it was unknown people who gained access to it.”

Reassuring

Those responsible only respond in writing to news's questions about the matter.

Owner director of Helse Nord RHF, Hilde Rolandsen, emphasizes that the discrepancy was discovered during a controlled test.

– The discrepancy mentioned was closed and had no consequences, she says.

[Image caption: Owner director of Helse Nord RHF, Hilde Rolandsen, says that they work continuously to improve the safety situation. Photo: Lars-Bjørn Martinsen / news]

She adds that no unauthorized person has abused the access. That is why they have not notified staff or patients.

According to Rolandsen, the purpose of such tests is precisely to find weaknesses. In this way, security can be improved. She believes that what has been uncovered is serious, but says that a lot of money has been spent on data security.

Director Ole Hope at Finnmarkssykehuset also states that all orders and measures are followed so that safety is good enough.

Published 01.11.2024, at 18.56. Updated 01.11.2024, at 18.57.