Cyber Incident Victim: Jämtlands Räddningstjänstförbund

Date: Jan 2024

Location: Sweden

Summary

A cyberattack targeted the administrative IT systems of Jämtland's emergency services, causing disruptions to non-critical operations such as permit processing while primary rescue functions remained operational. The organization switched to backup systems for emergency dispatch, ensuring uninterrupted communication via 112 calls and traditional telephony, with no impact on response capabilities. Officials confirmed rescue alerts and coordination with fire stations functioned normally, though administrative services experienced delays. Technical teams are working to restore affected systems, prioritizing critical operations, but no timeline exists for full recovery. Public emergency access remains unaffected, with alternative contact methods implemented while email services are suspended.

Description

On January 18, 2024, Jämtlands Räddningstjänstförbund, part of the larger Räddningsregion MittNorrland collaborative structure encompassing 26 municipalities, experienced a cyberattack targeting its IT systems. The intrusion was detected overnight leading into Thursday, January 18, prompting immediate operational adjustments. Administrative systems were compromised and rendered inoperable, causing disruptions to non-emergency functions such as permit issuance, which authorities warned could experience processing delays. Crucially, the primary IT system responsible for emergency dispatch was taken offline as a precautionary measure, with operations transitioning to established backup systems. Despite the attack, core emergency response capabilities remained functional through redundant communication channels, including the Rakel radio system, telephone networks, and 112 emergency call services. Thomas Åslin, internal command staff at Räddningsregion Mittnorrland, confirmed the attack did not degrade rescue response capacity, emphasizing the resilience derived from the regional partnership model that shares a common rescue coordination system across multiple municipalities.

Technical personnel, led by Niclas von Essen of the Technical Unit, initiated containment and recovery procedures immediately upon detection, though no timeline for full system restoration was provided. The organization maintained public access to emergency services through phone (063-14 80 00) and postal communications, suspending email functionality due to the compromise. Förbundschef Lars Nyman and von Essen repeatedly assured residents that emergency dispatch pathways to fire stations and rescue personnel operated normally via backup infrastructure, urging the public to contact 112 as usual for urgent assistance. While administrative workflows faced interruptions, response teams prioritized sustaining critical lifesaving operations while investigating the attack’s scope and origin. The incident remained under active management with no further details disclosed regarding technical specifics, threat actors, or long-term recovery expectations beyond the confirmation that rescue readiness was preserved throughout the disruption.
