04 Jan 2018

Estonian medical centers at risk for cybercrime

Cost concerns may be preventing Estonian hospitals and medical centers from protecting themselves against computer hackers, putting patients' sensitive medical records at risk.

Marta Tuul
Marta Tuul Eesti Ekspress, Estonia
Source: Eesti Ekspress
Estonian medical centers at risk for cybercrime - NewsMavens
Nude woman. Wikicommons

Why this story matters:


Cost concerns may be preventing Estonian hospitals and medical centers from protecting themselves against computer hackers, putting patients' sensitive medical records at risk.

The Estonian Information System Authority (RIA) reported about 35 serious cyberattacks last year, including attacks on doctor centers and hospitals whose information technology systems were infected with ransomware.

This means that Estonians' health records may have fallen into the hands of cyber crooks, without their knowledge. 

Weak security can lead to a situation like one in Lithuania last year. A group of cybercrooks called Tsar Team found a so-called "open door" in a beauty clinic webpage and stole more than 25,000 pictures of patients before and after surgery, as well as their credit card numbers and other personal data. They asked the clinic to pay 344,000 euros as a penalty for having an unsafe IT system. The clinic refused, and the patients' information was published on the dark web. 

The Estonian ministry of social affairs said its medical institutions are responsible for any cyberattacks they may face.

At the same time, the ministry has declined to meet a European Union directive that says every member state should have stringent IT rules and supervision, saying it would put too much pressure on health insurance and therefore on prices of treatment.

This means that Estonia, which is known as a leader in information technology, may have medical institutions that are at risk of attack.

Details from the story:

  • IT levels at Estonian medical centers have been found to be lower than average.   
  • The Estonian ministry of social affairs won't implement an EU directive for cybersecurity, saying the costs could be passed down to the patients.
  • Health care institutions are legally responsible for any harm caused by a cyberattack. 

Project #Femfacts co-financed by European Commission Directorate-General for Communications Networks, Content and Technology as part of the Pilot Project – Media Literacy For All

The information and views set out on this website are those of the author(s) and do not necessarily reflect the official opinion of the European Union. Neither the European Union institutions and bodies nor any person acting on their behalf may be held responsible for the use which may be made of the information contained therein.

NewsMavens is a media start-up within Gazeta Wyborcza, Poland's largest liberal broadsheet published by Agora S.A. NewsMavens is currently financed by Gazeta Wyborcza and Google DNI Fund.
Is something happening in your country that Newsmavens should cover?
Zuzanna Ziomecka
Zuzanna Ziomecka EDITOR IN CHIEF
Lea Berriault-Jauvin
Lea Berriault Managing Editor
Jessica Sirotin
Jessica Sirotin EDITOR
Ada Petriczko
Ada Petriczko EDITOR
Gazeta Wyborcza, Agora SA Czerska 8/10 00-732, Warsaw Poland
The e-mail addresses provided above are not intended for recruitment purposes. Messages concerning recruitment will be deleted immediately. Your personal data provided as part of your correspondence with Zuzanna,Lea, Jessica and Ada will be processed for the purpose of resolving the issue you contacted us about. The data provided in your email is controlled by Agora S.A. with its registered office in Warsaw Czerska 8/10 Street (00-732). You can find more information about the processing and protection of your personal data at https://newsmavens.com/transparency-policy