For over 48 hours, the information technology services of the Health Insurance Fund, along with external partners, have been actively working to restore the Integrated Health Information System (IZIS), which was the target of a highly sophisticated attack by an advanced international hacking group, as announced by the Health Insurance Fund.
The timely and adequate response by the responsible authorities for IZIS, coupled with the high security standards set in this system, was crucial in preventing greater damage that could have caused immeasurable consequences for IZIS and, consequently, the entire healthcare system of Srpska,” highlighted the Fund.
From the onset of IZIS implementation, particular attention has been paid to the security aspect, ensuring maximum system protection (communication links with direct access, acquisition of firewall devices, secured communication with external entities via VPN tunnels, antivirus licenses obtained, Oracle server and database support secured, installation of the Oracle Linux operating system, implementation of the VMware virtualization solution, realization of the Single Sign-On (SSO) portal, utilizing the most secure services of Mtel, and more).
Additionally, the system is connected to other institutions and employs services from the Ministry of Interior, the Agency for Personal Data Protection, the Agency for Medicines, and others, applying all security protocols.
“IZIS has numerous external users who access the system through specific security tunnels. It is presumed that the attack was conducted via one of these tunnels, masquerading as a system user. Immediately upon detecting the issue, protective measures were implemented, in line with the defined protocol, to safeguard the databases and preserve healthcare data. The databases were promptly relocated to another physical location, and configuration activities on the system are currently ongoing. We hope that no significant damage has been caused other than the interruption in IZIS operation over the past two days and possibly a few more days until the system is restored,” added the statement.
During this period, numerous companies worldwide, including the recent case of the Electric Power Industry of Serbia, have been subjected to similar attacks.
“This implies that our case is not isolated and that such attacks occur despite maximum protection measures, making them difficult to defend against,” the Fund stated.
They expressed gratitude to all institutions in Srpska for their support and activities in line with their responsibilities, such as the respective ministries, the Ministry of Internal Affairs, the Agency for Information Society, and others.
Despite the interruption in IZIS operations due to the hacker attack, the citizens of Srpska can still access healthcare services.
“This instance demonstrates that Srpska’s institutions can successfully cope with even the most severe challenges, which unfortunately are becoming more frequent. The Health Insurance Fund of Srpska, along with healthcare facilities, will continue to be available to citizens and the general public, exerting maximum efforts to overcome the consequences of the attack on the healthcare system in the least painful way possible, minimizing the impact on patients. This stands in contrast to irresponsible individuals whose comments do not contribute to problem-solving but serve no purpose other than maliciously inciting panic and exploiting the situation for petty daily political matters,” concluded the statement.”
Source: RTRS