Cyber Incident Victim: Odense Universitetshospital
Date:
May 2024
Location:
Denmark
Summary
Odense Universitetshospital experienced a significant ransomware attack targeting its external IT infrastructure provider, IT-Hotellet, which operated critical monitoring systems from a secured facility. While the hospital's internal networks remained uncompromised due to prompt isolation, the attack disrupted automated system oversight, requiring staff to manually verify equipment functionality. The incident caused severe operational consequences for IT-Hotellet, forcing it toward likely bankruptcy, though patient care was unaffected. Recovery timelines varied across hospital locations, with some branches restoring normal operations faster than others. Cybersecurity experts highlighted the event as a critical warning about supply chain vulnerabilities in public institutions, noting ransomware typically targets smaller private vendors supporting essential services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Odense Universitetshospital (OUH) experienced a significant ransomware attack targeting its external service provider, IT-Hotellet, during the night leading to Friday in the week preceding May 31, 2024. The attack compromised IT-Hotellet’s servers, housed in a former bunker within the Fruens Bøge forest area near Odense, which provided monitoring support for OUH’s IT infrastructure. Hackers deployed ransomware to lock files, though OUH clarified that its internal network remained unaffected due to timely isolation of the compromised external systems. The hospital confirmed no direct impact on patient care but acknowledged operational disruptions for staff, who were required to manually oversee equipment functionality typically managed by IT-Hotellet’s automated monitoring. IT-Hotellet, unable to recover from the attack, announced its impending bankruptcy, citing insufficient resources to restore operations. OUH’s building and service operations chief, Steen Reinholdt Sørensen, emphasized that the incident did not constitute a critical threat to hospital functions but created additional workload and inconvenience.
The attack’s primary consequence was the collapse of IT-Hotellet, with its director, Thomas Vandsted Nielsen, publicly stating the likelihood of closure or bankruptcy. OUH’s operational recovery progressed unevenly across its facilities: systems in Nyborg and Ærø resumed normal operations swiftly, while Svendborg reached 90% functionality, and the main Odense location faced 7–14 days of restoration work. The incident highlighted vulnerabilities in third-party supplier management, with DR’s tech correspondent Henrik Moltke noting it as a rare case of ransomware indirectly affecting a major public institution through a smaller private contractor. Moltke observed that attackers typically avoid targeting large public entities like hospitals due to prohibitions on ransom payments, making IT-Hotellet’s role as a support provider the exploitable weak point. OUH’s containment efforts successfully prevented internal system breaches, but the disruption underscored dependencies on external vendors for critical monitoring functions.