Why this story matters:
Cost concerns may be preventing Estonian hospitals and medical centers from protecting themselves against computer hackers, putting patients' sensitive medical records at risk.
The Estonian Information System Authority (RIA) reported about 35 serious cyberattacks last year, including attacks on doctor centers and hospitals whose information technology systems were infected with ransomware.
This means that Estonians' health records may have fallen into the hands of cyber crooks, without their knowledge.
Weak security can lead to a situation like one in Lithuania last year. A group of cybercrooks called Tsar Team found a so-called "open door" in a beauty clinic webpage and stole more than 25,000 pictures of patients before and after surgery, as well as their credit card numbers and other personal data. They asked the clinic to pay 344,000 euros as a penalty for having an unsafe IT system. The clinic refused, and the patients' information was published on the dark web.
The Estonian ministry of social affairs said its medical institutions are responsible for any cyberattacks they may face.
At the same time, the ministry has declined to meet a European Union directive that says every member state should have stringent IT rules and supervision, saying it would put too much pressure on health insurance and therefore on prices of treatment.
This means that Estonia, which is known as a leader in information technology, may have medical institutions that are at risk of attack.
Details from the story:
- IT levels at Estonian medical centers have been found to be lower than average.
- The Estonian ministry of social affairs won't implement an EU directive for cybersecurity, saying the costs could be passed down to the patients.
- Health care institutions are legally responsible for any harm caused by a cyberattack.