Miljödata, a Swedish software supplier serving nearly 80% of the nation’s municipalities, has been hit by a cyberattack that has caused widespread system outages and potential data exposure. As reported by Aftonbladet, the attack—which began over the weekend—left more than 200 municipalities struggling with accessibility problems in critical systems used for handling medical certificates, occupational injuries, incident reporting, and HR processes. CEO Erik Hallén confirmed the disruption on August 25, noting that the company is working with external experts to restore services and assess the full impact.
Reports from Swedish media indicate that the attackers are demanding a ransom of 1.5 Bitcoin (approx. $168,000) to avoid leaking stolen information. Some municipalities, including Halland Region and Gotland Region, have issued public warnings to citizens that sensitive personal data may have been compromised. Others, such as Skellefteå, Kalmar, Karlstad, and Mönsterås, have also been reported as impacted. With municipal systems heavily integrated into healthcare, HR, and safety reporting, the outage and potential breach represent a significant disruption for local services.
Sweden’s Minister for Civil Defence, Carl-Oskar Bohlin, confirmed that the incident is under investigation with assistance from CERT-SE and the police. Authorities are still working to determine the scope and consequences of the attack, as no ransomware group has claimed responsibility publicly at this time. Miljödata’s website remains offline, and its email servers are unreachable, further complicating communication with municipalities and citizens.
The incident echoes previous large-scale ransomware attacks against Swedish IT providers, such as the January 2024 Tietoevry breach by Akira ransomware, which caused widespread outages across government organizations and universities. The repeated targeting of centralized IT service providers underlines the systemic risk to national infrastructure and public sector continuity.
This attack highlights the dangers of concentrated dependency on centralized IT providers for critical public services. Municipalities and organizations relying on third-party vendors should strengthen vendor risk management, demand robust incident response and data protection guarantees, and ensure they have contingency plans for service continuity. As ransomware groups increasingly target software suppliers to maximize disruption, proactive defense strategies, segmented backups, and tighter data access controls are essential to reduce systemic vulnerabilities and protect sensitive information.
