Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management
Cyberattack Affects Greenland's Healthcare ServicesAttack Began on May 9; Patient Records Currently Inaccessible
Greenland's healthcare services have been "severely limited" due to a cyberattack that has lasted for at least two weeks to date, says the Naalakkersuisut, the country's government.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
All IT systems and servers associated with the healthcare services of the country were forced to restart due to the cyberattack, cutting off access to patient records. The attack, the government says, has also affected the healthcare service's email system.
"The health services are therefore severely limited and increased waiting time must be expected," the government says. Some people may experience a delay in agreed schedules, but "acute inquiries will of course continue to be met and you can contact the health service by phone."
A preliminary technical analysis, the government notification says, showed that there had been "no damage to citizen data" and that there were no signs of the data being copied or stolen.
The government did not respond to Information Security Media Group's request for details on the type of cyberattack, its implications on other sectors or system restoration timelines.
Timeline of Events
According to local news agencies, on May 9, the government said that an IT "system crash" had caused Doktor[.]gl, an online portal used by Greenland citizens to schedule clinical appointments, to appear offline. On May 18, a fresh notification reportedly said that "it is now clear the system crash recently was caused by cyberattacks [aimed at the healthcare services]."
The Doktor.gl portal is also used by patients to renew their prescriptions. For now, the government has requested its citizens to physically renew prescriptions at Queen Ingrid's Health Center in Nuuk, the capital city of Greenland, as "the health service continues to have some IT challenges after the cyberattack," according to the latest government notification.
Links to Earlier Attack?
The latest attack may have been perpetrated by a threat actor who has targeted the country in the past.
Irene Jeppson, a government spokesperson, told local news agency Sermitsiaq: "What we do know is that it is most likely the same hackers who attacked the central administration network a few months ago. It can be traced in the procedure and the technical imprints left on the network. The central administration and the health service, [however], do not have the same operating supplier and thus, there is nothing to indicate that the attack is related to the operating suppliers."
A separate cyberattack on March 25 forced the country's Parliament to cancel all its meetings for a week. Its digital systems were crippled, and the government was unable to distribute social benefit payments to its citizens on time. A majority of the services - 90% - were reported restored within a week of the attack.
At the time, Múte B. Egede, chairman of the Naalakkersuisut, said, "The purpose of the cyberattack was to carry out espionage and gather information in this country."
Thin Line of Cyber Defense?
The self-governing, overseas administrative division of Denmark, with a population of about 57,000 people, appears to be short-handed in the cybersecurity domain.
To hold this line of defense, the country reportedly only has a team of four, led by Katrine Nathanielsen, the head of Greenland's agency for digitization.
If a Russian hacker wanted to infiltrate the country's systems, the chances of them succeeding would be "quite high," she told Danish technology news agency Teknologiens Mediehus in February.
"We have to assume that at some point, there will be a breach. Then it's more a question of how quickly we can shut it down, contain it and get back into operation. That is the reality we have to live with," Nathanielsen says. Ultimately, she adds, it is a question of how good the basic IT security of a country is, including firewalls, logging and awareness.
And Danish Defense Minister Trine Bramsen tells Teknologiens Mediehus: "In the Danish Commonwealth, there are attacks or attempts at attacks on companies and authorities on a daily basis. It is obvious that Greenland is, due to its geographical location, particularly vulnerable if critical functions are attacked."
She says a Danish Security and Intelligence Service report titled "Assessment of the espionage threat against Denmark" and published in January shows that there is a significant risk of cyberespionage in Greenland and Denmark.
In recent years, the agency has uncovered several cases that show the threat is real and quite serious, Anders Henriksen, head of counterintelligence at the agency, says in the report.
"The threat from foreign states' intelligence activities against Denmark, Greenland and the Faroe Islands has become more significant in recent years. We face a broad-spectrum and complex threat from foreign intelligence activities," he says, adding that the threat "originates primarily from Russia, China and Iran, but there are also examples of other states carrying out intelligence activities in Denmark."