Last week, Adato, the IT system used in managing rehabilitation processes for employees at Malmö University, was the subject of a cyber-attack.

According to the information the University initially received from Miljödata, Adato’s service provider, no personal data was compromised in the attack. It has since emerged that certain information was accessed by the attacker.

With regard to employees of Malmö University, this information includes employment number, telephone number and email address at Malmö University, as well as name, address and personal identity number.

“Malmö University regrets that outsiders have been able to access this data as a result of the attack. We would like to emphasise that no information about medical certificates, treatment plans or other health data has been leaked,” says Suzanne Jacobsson, acting head of HR.

Reported to the Police

Malmö University is the data controller for the processing that takes place in Adato and is closely following Miljödata’s investigation and management of security issues going forward.

The incident has been reported to the Police and is being investigated together with Miljödata. Malmö University has reported the incident to the Swedish Authority for Privacy Protection (IMY) and the Swedish Civil Contingencies Agency (MSB) in accordance with the relevant procedures.