Throughout the month, there were multiple disruptions in the services of the Health Insurance Fund. On 1 April, prescriptions could not be issued or used to purchase medicines for half an hour. The outage was caused by a software error, which was resolved by restarting the systems. On 16 and 17 April, there were further disruptions in digital prescriptions, insurance verification, and incapacity for work benefit services, caused by a failure on the platform of an external service provider.
The website of the Business Register was temporarily unavailable on 7 and 10 April. In the first case, the issue was caused by the database running slowly; in the second, by an expired certificate.
There were also disruptions to digital signature services. On 17 April, users could not give digital signatures via the DigiDoc4 application, and a misleading error message was displayed. The outage was caused by a configuration error.
On 26 April, there were disruptions to the Digital Signature Gateway Service (SiGa) due to an error occurring during certificate renewal.
In April, phishing emails purportedly from LHV Bank circulated widely again, urging recipients to update their information due to allegedly expiring banking data. Victims of the fraud lost thousands of euros. In addition, CERT-EE detected targeted attacks against cryptocurrency wallet users. The attack primarily targeted MetaMask and Ledger users, who were sent phishing emails and directed to fraudulent websites to enter their personal details.
Dorel Kiik, Chief Analyst of the Analysis and Prevention Department of RIA, commented that the April overview illustrates a shift in cyber threats increasingly from technical failures towards manipulations targeting people. ‘While service outages are usually temporary, the impact of scams can be very painful and long-lasting for individuals. It is therefore crucial that everyone knows how to recognise scam emails and to take a critical approach to unexpected messages that urge you to act quickly,’ Kiik emphasised.
‘To help strengthen these skills consistently, at the beginning of April we also updated the cyber test for organisations, which helps systematically develop cyber hygiene knowledge. The cyber test consists of a training followed by a test, covering topics from password security and recognising phishing emails, to secure remote work, social media use, and artificial intelligence. The cyber test is free for all institutions, and information on how to join is available on the RIA website,’ added Kiik.
