Ransomware attack on IT supplier disrupts hundreds of Swedish municipalities

Flag of Sweden flying in the wind with blue skies and light clouds in background.

(Image credit: Getty Images)

published 1 September 2025

200 municipalities and regional governments in Sweden have been severely disrupted following a ransomware attack on IT systems supplier Miljödata.

The company, which supplies HR systems to around 80% of the country’s municipal governments, discovered the breach on Saturday 23rd August, authorities said.

"The government is receiving ongoing information about the incident and is in close contact with the relevant authorities," said Swedish minister for civil defence Carl-Oskar Bohlin.

"CERT-SE, which has the task of supporting Swedish society in handling and preventing IT security incidents, has offered advice and support to both the company in question and the affected customers."

Bolin said the country's national cybersecurity center is coordinating disclosure to the relevant authorities, and that a police investigation is underway. The full effects of the breach have not yet been established, he added.

However, regions including Halland and Gotland have warned citizens that their personal data may have been affected. Halland said its Adato sick leave management system, Stella work-related injury reporting system, and Novi HR management system are currently down.

The Gotland region, meanwhile, uses four Miljödata systems, handling medical certificates, rehabilitation plans, occupational injuries, and more.

“Region Gotland is one of many regions and municipalities that are affected by the cyber attacks that Miljödata is exposed to,” said the region's HR Director Lotta Israelsson,

"At present, there are extensive investigations at Miljödata to investigate the extent of the attack and we are in continuous contact with the supplier."

No ransomware group has claimed responsibility for the attack. However, Miljödata has reportedly received a ransom demand of 1.5 bitcoin - just $163,245 - implying that it's unlikely to be one of the big players.

“The attack in Sweden shows the reality that for cyber criminals, targeting supply chain vulnerabilities is one of the most effective levers to cause disruption at scale," said Andrew Lintell, general manager, EMEA, at Claroty.

"By compromising a single IT system supplier can cripple vital functions and processes in one strike."

Miljödata attack the latest to target public sector

Supply chain attacks on government organizations are on the rise around the world, and Sweden is no exception.

Last year, for example, Swedish IT services and cloud hosting provider Tietoevry was hit by a ransomware attack, again involving HR systems, that affected businesses and government agencies including Sweden’s national government service center.

"For municipalities and other public-sector entities, this event shows the urgent need to treat third-party and supply chain security as a core pillar of resilience," said Lintell.

"That means maintaining full visibility into all connected systems and taking on the responsibility of continuously assessing the security posture of vendors. It is key to enforce least-privilege access and ensure that contingency plans are in place to keep essential operations running even when a trusted provider is compromised."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

TOPICS

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.