The extent of the cyberattack, which occurred over the weekend, is unclear. So far, it is known that Region Gotland, Kalmar municipality, Karlstad municipality, and Skellefteå municipality are affected.
The system handles, among other things, labor law cases, rehabilitation cases, medical certificates, as well as reporting and handling of work injuries and incidents. Therefore, sensitive personal data of employees, former employees, and students may have been leaked.
"Important measures have also been taken to ensure that this has not been able to spread to the municipality's other systems," writes Skellefteå municipality in a press release.
The municipality has set up a crisis group and an incident report is being prepared to be sent to the Swedish Authority for Privacy Protection (IMY). Kalmar and Karlstad municipalities are also on their way to doing the same. Region Gotland announces that they are in "continuous contact with the supplier" to investigate the extent of the attack.
