
A large-scale ransomware attack on Swedish IT supplier Miljödata has affected around 200 municipalities and regions in Sweden.
According to Swedish news outlets, the incident occurred last Saturday and has impacted, among others, Region Gotland, Region Halland, Kalmar municipality, Varberg municipality, Umeå municipality, Luleå municipality, Kiruna municipality, Mönsterås municipality, Karlstad municipality, and Skellefteå municipality.
“Region Gotland is one of many regions and municipalities affected by the cyberattacks to which Miljödata is exposed. At the moment, extensive investigations are underway at Miljödata to investigate the extent of the attack and we are in continuous contact with the supplier,” Region Gotland says in a press release.
The extent of the breach has yet to be determined, but what we do know is that the attacker had access to a large amount of personal data, including medical certificates, rehabilitation plans, occupational injuries, and other health information.
The IT supplier immediately took additional security measures to limit the attack by isolating systems, meaning that some systems are down. The incident has also been reported to the police and the Swedish data protection authority IMY.
The privacy regulator reminds us that affected businesses must report a data breach within 72 hours of discovery. People whose personal data has been affected must also be informed about the incident.
The Swedish government is aware of what happened. Carl-Oskar Bohlin, the Minister for Civil Defense, says that the government is in close contact with the relevant authorities. CERT-SE has offered advice and support to both the company in question and affected customers. The National Cyber Security Centre (NCSC) is coordinating the measures taken by the relevant authorities.
“The scope of the incident has not yet been determined, and it is too early to ascertain the actual consequences. Regardless, the government takes issues relating to cyberattacks and IT incidents very seriously, and we understand the concern and uncertainty that cyberattacks can cause,” Minister Bohlin states in a message on X.
He continues by saying that cybersecurity is about prevention and that individual organizations are responsible for this. Lastly, he says that the government is about to announce a bill on a new cybersecurity law, which will impose increased requirements on a wide range of actors.
As of writing, no ransomware groups have claimed responsibility for the cyberattack. According to Swedish news outlets, the attackers are allegedly demanding 1.5 bitcoin, or roughly €144,000, in ransom.