Cyber Incident Victim: Sundhedsvæsenets
Date:
May 2022
Location:
Greenland
Summary
A cyberattack targeted a healthcare system, causing widespread IT outages that required full system restarts and disrupted patient services including medical record access, appointment scheduling, and email communications. The incident led to significant operational delays, increased wait times, and some canceled appointments, though emergency services remained available via phone. Technical investigations initially found no evidence of compromised or copied citizen data, though impact assessments continued. This attack followed another recent cybersecurity breach affecting public IT infrastructure that had previously delayed social benefit payments and parliamentary operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyberattack targeting Greenland's healthcare system, Sundhedsvæsenet, caused a widespread IT system outage first reported on May 9, 2022. The incident prompted Naalakkersuisut (Greenland's government) to initiate full system restarts across healthcare IT infrastructure, requiring all systems to be shut down and rebooted. This disruption rendered patient medical journals inaccessible, severely impacting clinical operations. Authorities stated technical analyses indicated no evidence of citizen data damage or unauthorized copying at that stage, though investigations into the attack's full scope remained ongoing. Patients experienced significant service delays, with officials warning of extended waiting times and potential cancellation of pre-scheduled appointments. Non-urgent care faced particular disruptions, though emergency services continued operating with alternative telephone-based triage systems. The system failure initially manifested through the inaccessibility of Doktor.gl, Greenland's primary healthcare portal, coupled with complete email system failures across Sundhedsvæsenet's networks.
This incident followed another recent cyberattack on Greenland's public IT infrastructure in late March 2022, which had compromised central administration servers. The March attack caused multi-system failures including delayed social benefit payments, postponement of Inatsisartut's (Parliament) spring session, and widespread public website outages. The May healthcare attack demonstrated recurring vulnerabilities in Greenland's critical infrastructure, with both incidents disrupting essential public services through digital system compromises. While restoration efforts focused on system reboots rather than data recovery during the May event, the parallel impacts on healthcare access and governmental operations revealed systemic cybersecurity challenges. The consecutive nature of these attacks within a two-month period underscored persistent threats to Greenland's public sector digital infrastructure.