Cyber Incident Victim: Härjedalens kommun

Date: Dec 2023

Location: Sweden

Summary

A cyberattack disrupted Härjedalen's municipal IT systems, causing significant operational challenges and forcing a shift to manual processes such as paper-based record-keeping, particularly impacting elderly care due to inaccessible digital health records. The municipality refused ransom demands, maintained critical healthcare services via telephone, and established temporary communication channels while restoring systems gradually. Recovery efforts included resetting passwords and incremental service restoration, though full system functionality remained incomplete. The incident underscored cybersecurity vulnerabilities in public administration and highlighted the importance of robust crisis management protocols.


Description

On December 23, 2023, Härjedalen Municipality in Jämtlands County, Sweden, experienced a significant IT attack that disrupted its digital infrastructure. The incident compelled the municipality to activate its crisis management organization immediately. Critical IT systems became inaccessible, forcing staff across municipal operations to revert to manual methods such as paper-based documentation. This disruption proved particularly severe within elderly care services, where digital health records became unavailable, impairing access to vital patient information. Despite these operational challenges, the municipality maintained essential services in healthcare and social care sectors throughout the attack. Officials refused to engage with the perpetrators' demands, adhering to standard protocols designed to avoid incentivizing further criminal activity. Security concerns prevented the municipality from disclosing specifics about the attackers' identity or ransom terms.

By January 4, 2024, recovery efforts showed progress as systems began gradually returning online. The municipality initiated password resets across its network to bolster security during the restoration phase. Temporary communication channels were established, including a provisional email address for citizen inquiries while primary email systems remained offline. Citizens were instructed to submit urgent welfare concerns via telephone during business hours or through emergency services (112) after hours. Property-related fault reports for municipal housing (Härjegårdar) were directed through phone contacts or a designated website form. The attack's aftermath required sustained manual workarounds across administrative functions, with full system restoration still incomplete at the time of reporting. No data breaches or thefts were confirmed in available reports, though operational continuity relied heavily on analog processes for an extended period.
