Stockholm in crisis mode after hacker attack on major hospital

The Local Sweden
The Local Sweden - [email protected]
Stockholm in crisis mode after hacker attack on major hospital
Sophiahemmet is a private hospital at Norra Djurgården in Stockholm. Photo: Henrik Montgomery/Scanpix

Stockholm's regional authority is stepping up security after one of the major hospitals in the Swedish capital was targeted by unknown perpetrators in a cyber attack.


The hacker attack knocked out telephones at the privately run Sophiahemmet overnight between Monday and Tuesday. In response, the hospital shut down all its computers as a security measure.

Region Stockholm on Tuesday evening activated what’s known in Swedish as stabsläge, the lowest level on a three-point scale of heightened preparedness used in healthcare services.

It’s an official term which generally means that a specially designated management group within the healthcare services stays informed about the situation and how it develops, and acts accordingly.

“It’s a security measure, to be able to monitor the situation and quickly be able to make decisions if needed. But we have no indication that anyone else in the region is affected,” Elda Sparrelid, chief physician for Region Stockholm, told Swedish news agency TT on Wednesday.

It was on Wednesday morning not clear who was behind the cyber attack.

In the meantime, the hospital continues to operate according to backup procedures.

Sophiahemmet said it was looking after all its patients according to plan, but that waiting times may be longer than normal due to staff carrying out administrative duties by hand, using pen and paper.

It’s the latest in a spate of cyber attacks targeting Swedish businesses and public authorities in recent weeks, although it is not known whether or not this attack is connected to previous incidents.


The Dagens Nyheter newspaper reported on Tuesday that Bjuv, a small municipality of some 16,000 residents in southern Sweden, had received threats from Russian hacker group Akira.

Akira is threatening to leak data, which it stole from the municipality, in the form of "confidential documents, contracts, agreements, personal files" on the darknet market, an encrypted part of the internet which can only be accessed with the help of special software or settings.

Akira was also behind a major attack on IT supplier Tietoevry last month, which affected tens of thousands of employees at Swedish businesses and public authorities. However, the attack on Bjuv is believed to be a separate incident, according to Dagens Nyheter.


Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.

Please log in to leave a comment.

See Also