Stolen data from Swedish hospital for sale on dark web

TT/The Local
TT/The Local - [email protected]
Stolen data from Swedish hospital for sale on dark web
Stockholm's Sophiahemmet is one of Sweden's oldest private hospitals. Photo: Henrik Montgomery/TT

Information stolen from Stockholm's Sophiahemmet hospital in a cyber attack last week has been listed for sale on the dark web by a hacker group.


"We're trying to figure out how much and what kind of data this is about," Sophiahemmet head of communications Pia Hultkrantz told TT newswire.

According to tech newspaper Ny Teknik, hacker group Medusa has now listed the data for sale on its website on the dark web, where it is asking for a million US dollars to delete the data. The group has also published what's known as a proof of compromise, showing what kind of data the group has obtained.

The dark web is a hidden part of the internet which requires special software, configurations or authorisations to access. Search results from the dark web do not appear on search engines.

"There's no doubt that Medusa has obtained data, and they're threatening to leak it now," IT specialist Karl-Emil Nikka told the newspaper.

"I can see there are lots of Excel spreadsheets, for example, including information like timesheets and things which could contain sensitive personal information about employees."

The hacker attack knocked out telephones at the privately run Sophiahemmet overnight between Monday and Tuesday last week. In response, the hospital shut down all its computers as a security measure, and Region Stockholm activated what’s known in Swedish as stabsläge, the lowest level on a three-point scale of heightened preparedness used in healthcare services.

According to an IT expert who P4 Värmland spoke to, a large number of files from the attack are up for sale, although the hospital has not been able to confirm the amount of data affected.

"It's clear this is a new stage in the attack we've been hit by," Hultkrantz told TT. She confirmed to the newswire that the hospital had received a message from Medusa in the form of a screenshot advertising data stolen from "Sophiahemmet university".


"We're investigating with all means at our disposal along with Region Stockholm's IT experts to find out what this is about. As soon as we know that, we can be more active and act," she said.

The attack at Sophiahemmet is the latest in a spate of cyber attacks targeting Swedish businesses and public authorities in recent weeks, although it is not known whether or not this attack is connected to previous incidents.

The Dagens Nyheter newspaper reported last week that Bjuv, a small municipality of some 16,000 residents in southern Sweden, had received threats from Russian hacker group Akira.

Akira is threatening to leak data, which it stole from the municipality, in the form of "confidential documents, contracts, agreements, personal files" on the dark web, and was also behind a major attack on IT supplier Tietoevry last month, which affected tens of thousands of employees at Swedish businesses and public authorities. However, the attack on Bjuv is believed to be a separate incident, according to Dagens Nyheter.


Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.

Please log in to leave a comment.

See Also