Cyber Incident Victim: alles Lægehus

On December 9, 2024, alles Lægehus experienced an IT outage caused by a criminal cyberattack targeting their servers. The organization immediately activated emergency protocols to preserve critical clinical functions while launching an investigation with internal and external IT experts. Initial analysis confirmed unauthorized access and data theft involving personal information of patients and employees. The attack compromised servers hosted by a third-party provider, though the exact intrusion method remained unspecified. Alles Lægehus reported the incident to Datatilsynet (the Danish Data Protection Agency) and law enforcement, collaborating with police to identify perpetrators. By December 30, 2024, they publicly confirmed the data breach but could not yet determine the full scope of affected individuals or precise data categories stolen.

Between January 5-7, 2025, alles Lægehus initiated notifications via e-Boks to all individuals in their databases, including non-active patients, citing legal obligations to retain health data for 10 years. The stolen information excluded medical notes but included other unspecified personal data, creating potential risks of phishing attempts. A technical error during mass mailing initially displayed "Din arbejdsgiver" (Your employer) as the sender for some recipients, prompting manual corrections and delayed deliveries to remaining recipients. The organization established a dedicated email ([email protected]) for inquiries while directing clinical staff to focus solely on medical issues. No evidence of data misuse had been detected by early January 2025, though alles Lægehus advised vigilance against suspicious communications and referenced guidance from Sikker Digital. Ongoing coordination with authorities continued as forensic work progressed to finalize breach scope and strengthen security measures.