- Sweden had to shut down its COVID-19 cases portal to prevent a hacking intrusion from happening.
- There are no signs of successful data exfiltration or even access, but the investigation is ongoing.
- The portal will return online and available to the public on June 3, 2021, with strengthened security measures.
Folkhälsomyndigheten, which is the public health agency of Sweden, has decided to shut down the ‘SmiNet’ online diseases database to prevent the chances of having it breached by hackers, after the agency’s IT team discovered multiple attempts of this kind. SmiNet has gained upgraded importance with COVID-19, as this is the official portal where daily infections and statistics are being reported by the health ministry, but it is unclear what the hackers were trying to achieve exactly.
Another thing that is yet to be determined is whether or not the intruders actually managed to steal any data or not. Right now, the agency is investigating the incidents by looking into the access logs, evaluate the network defense mechanisms and how well these served, and attempt to identify any weak points that require strengthening. So far, the investigators haven’t found anything too worrying, so it appears that all attempts have been thwarted by the automated systems.
One new measure that has been introduced when the database was brought back up online is to limit the access of the platform for laboratories that need to report infection data. This is no longer possible to make via the web form, and clinics will have to report everything by sending PDFs. This will continue for a couple more days while the IT team evaluates the situation and risks that arise from each approach.
As for when the reporting of data will return to normal operational status, that would be on Thursday, June 3, 2021. The extra time is needed to ensure the completeness of the epidemiological data, as all security-related adjustments have already been implemented. In the meantime, the investigation on who is responsible for this is ongoing, and the Police are also involved now. Finally, the data protection commissioner has also been informed, so an investigation from that office may be launched too.