Region Värmland has been hit by a phishing attack that compromised login credentials for 99 employees' email accounts, according to reports. The healthcare region has classified the incident as a 'personal data incident' and reported it to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY), which is now investigating the attack.
The attacker gained access through a fraudulent email message, and in 44 cases, the intruder read emails on at least one occasion between October 2025 and February 2026. The incident was discovered last week, and affected accounts were immediately closed.
Region Värmland regularly faces phishing attacks, noting that it's not always easy for employees to distinguish legitimate communication as attackers become increasingly sophisticated.
Digitalization and IT Director Mikael Borén stated in a press release that Region Värmland regularly faces phishing attacks, noting that it's not always easy for employees to distinguish legitimate communication as attackers become increasingly sophisticated. The region emphasized that phishing attempts against their organization occur regularly, making it challenging for staff to identify fraudulent communications.