Cyber Incident Victim: Karolinska Institutet

A ransomware attack targeting Tietoevry, the external supplier of Karolinska Institutet's payroll system, occurred over the weekend of January 20-21, 2024. The attack compromised part of Tietoevry's Swedish data center infrastructure, directly impacting KI's access to critical HR systems. In response, KI immediately closed Primula, its payroll administration system, and the PA-web interface until further notice to facilitate troubleshooting and implement protective measures. The shutdown was announced on January 21, 2024, through KI's operational information channels, with initial confirmation that January salary payments would proceed unaffected because the necessary bank files had been transmitted prior to the incident. No technical details about the ransomware variant, intrusion methods, or scope beyond Tietoevry's Swedish data center were disclosed in available communications.

The incident disrupted routine payroll operations and employee access to HR services through the affected platforms, though KI emphasized continuity of salary disbursement. Organizational response focused on containment through system isolation while Tietoevry addressed the attack's consequences. KI committed to providing ongoing updates via the employee portal's operational information section but did not specify restoration timelines or alternative workflows for affected processes. Martin Sjölund, HR Specialist, was designated as the primary contact for inquiries, though no further procedural guidance for staff was detailed in the initial announcement. The university maintained operational transparency regarding system availability while relying on the vendor's remediation efforts to resolve the infrastructure compromise.