Security concerns are mounting around Denmark’s hospitals, with experts and officials warning that critical infrastructure is vulnerable to crises and hybrid attacks, as incidents involving power failures and cyber threats highlight systemic risks.
Hospitals Increasingly Vulnerable to Hybrid Threats
In the wake of recent security debates sparked by drone sightings around Danish airports and military installations, attention has now shifted to the country’s hospitals. Experts in emergency preparedness and cybersecurity are sounding the alarm on how vulnerable healthcare facilities have become in times of crisis or targeted attacks.
Part of the vulnerability stems from the open nature of healthcare facilities. Hospitals in Denmark are public spaces where anyone can typically walk in without extensive checks. This openness, while vital for patient access and public trust, also leaves hospitals exposed to sabotage or disruptions that could impact critical operations like power supply, IT systems, or medical stockpiles.
Real Incidents Reinforce Vulnerability
At Randers Regional Hospital, two power outages in September 2023 – one of which disrupted both the primary and backup power systems on the operating floor – raised significant safety concerns. Although the incident was linked to unauthorized access, with a 36-year-old man arrested for breaking into secured areas, officials believe no intentional attack occurred. Still, the event highlighted how easily internal systems can be compromised.
A similar scenario unfolded at Herlev Hospital, where a region-wide power failure shut down electricity and forced staff to transfer patients to other facilities. Despite backup generators activating as designed, it took about four hours to restore normal operations, underscoring the limitations of emergency preparedness.
Cyberattacks and Personal Data Theft a Growing Threat
Technological vulnerabilities are also a growing concern. In 2023, Odense University Hospital faced a major cyberattack via one of its external IT providers. Although internal systems remained unaffected and patient care continued, it took up to 14 days to restore full system functionality. According to a national risk assessment by the Danish Centre for Cyber Security, the cyber threat against the healthcare sector is classified as “very high.”
One of the reasons hospitals are attractive targets for hackers is because they store vast amounts of sensitive data. Denmark’s healthcare databases contain detailed personal records for millions of people, which makes them especially lucrative to cybercriminals. Between 2020 and 2022, the number of reported cyber incidents targeting the public sector in Denmark rose by 64%, many of which involved healthcare institutions.
Emergency Power Systems Not Foolproof
While all Danish hospitals are equipped with emergency power systems, experts caution that these generators are primarily designed for temporary use – often to facilitate an orderly shutdown or short-term operations. According to technical data from Herlev Hospital, its new emergency power unit installed in 2018 consists of eight large diesel engines that can run independently for one to two days without refueling.
But reliance solely on backup power is not a sustainable crisis solution. In a large-scale or prolonged disruption – such as a regional blackout or coordinated digital-physical attack – these systems may falter or be insufficient to maintain full hospital functionality.
Government Acknowledges Risks and Responds
Danmark’s Ministry of the Interior and Health has acknowledged that the risk landscape surrounding healthcare facilities has evolved significantly. The government has earmarked 500 million DKK (approximately 72 million USD) to enhance emergency preparedness over several years. Measures include upgraded power systems, improved cybersecurity protocols, and enhanced staff training for crisis situations.
Despite these efforts, officials maintain that keeping hospitals open and accessible is a core value of the system. Leadership from Danish Regions – the national governing body of regional health authorities – emphasized that any attempt to make hospitals more secure must be balanced with the need for openness and public trust.
Ongoing Investments Aim to Strengthen Resilience
With a new focus on preventive security and incident response, both national and regional governments are stepping up investments in disaster preparedness. Experts believe more can be done: from increasing IT resilience and securing physical access points to enhancing real-time monitoring of energy systems.
As of early 2024, upgrades to hospital infrastructure and security protocols continue across Denmark, with the goal of ensuring that hospitals remain safe sanctuaries — even in times of national crisis or cyber warfare.
