When drones buzz over airports or power outages darken wards, the question is no longer whether Denmark’s hospitals are vulnerable—it’s how well prepared they are to survive disruption.
Recent incidents have exposed what many experts have warned for years: the country’s hospitals, among the most digitalised in Europe, remain soft targets in a harder security climate.
Open doors, open risks
Rasmus Dahlberg, researcher in emergency preparedness and societal security, puts it bluntly: “Our hospitals are vulnerable because they are open and have free access for everyone. That is a vulnerability in itself.”
In September, Randers Regional Hospital suffered two sudden power outages that hit both its primary and backup systems. Police later arrested a man who had broken into the facility. It wasn’t sabotage—just a confused intruder—but it proved how easily someone could reach critical infrastructure.
Denmark’s Ministry of Health agrees the system needs sharper readiness. Minister Sophie Løhde recently confirmed that the government will allocate 500 million kroner over the next few years to strengthen preparedness and review emergency plans.
“We are looking into a new and more serious risk picture,” she said. “Our goal is to ensure hospitals can continue treating patients even under crisis conditions.”
Cyberattacks move faster than defences
Digital threats have become the main concern. The Danish Centre for Cyber Security classifies the cyber threat to healthcare as very high. Odense University Hospital learned that firsthand when an external IT supplier was hacked, forcing systems offline for almost two weeks.
Jens Myrup Pedersen, professor of cybersecurity at Aalborg University, sees progress but not enough. “Hospitals are a hotbed for hackers because an attack hurts—and because they hold enormous amounts of personal data. It’s a race between those who want to attack and those of us trying to defend.”
That race is getting harder. In 2024 and 2025, Denmark recorded several supply-chain breaches, including the massive Alles Lægehus data leak that exposed records of 130,000 patients. Health data has become both weapon and prize.
Powering resilience isn’t just about diesel
Power reliability remains another weak point. Herlev Hospital’s 2024 outage forced staff to move patients and suspend births until backup generators restored power hours later. Dahlberg argues hospitals can’t rely on emergency generators alone: “You can’t just continue operations for days or weeks as if nothing happened. Controlled shutdowns, redundancy, and smarter power systems are essential.”
Some regions are now investing in hybrid backup technologies—battery and flywheel systems that buy hospitals time before diesel takes over.
Lessons from Nordic neighbours
Across the Nordics, the story echoes: digital ambition meets new forms of vulnerability. But responses differ in speed and structure.
- Sweden suffered the loudest wake-up call. The Tietoevry ransomware attack in 2024 knocked out key systems for multiple public institutions, prompting a nationwide push for stricter supplier oversight. The Swedish government now treats vendor cybersecurity as part of national resilience.
- Norway brings discipline and centralisation. Its National Security Authority (NSM) and NorCERT coordinate incident response across sectors. After ministries were targeted in 2023, Norway strengthened cross-sector drills and clear crisis playbooks.
- Finland has tied cyber and civil preparedness together in a new action plan linking energy, healthcare, and digital infrastructure. Hospitals must run regular resilience audits and prove their contingency plans are tested.
- Denmark, by contrast, operates through regional health authorities, creating patchwork responsibility. Its cyber centre is strong, but coordination between national bodies, hospital IT teams, and external vendors remains a challenge.
The comparison is clear: Norway and Finland show how tight coordination and regular drills turn policy into real readiness. Sweden shows what happens when supplier risk goes unmanaged. Denmark sits somewhere in between—alert, but still reactive.
The hard part: staying open
There’s no easy fix. Hospitals must stay open to patients and relatives, which means total control at the doors isn’t an option. As Anders Kühnau, chairman of Danish Regions, put it: “We can never completely prevent people from entering who want to harm us, unless we close the hospitals. And that’s not who we are.”
The challenge, then, is to harden systems without hardening society. That means better risk mapping, tighter vendor standards, layered power resilience, and scenario drills that treat hybrid attacks as inevitable, not hypothetical.
The road ahead
Denmark’s healthcare system remains among the most advanced in the world, but its exposure mirrors that strength. High digital integration means a single IT failure—or a single supplier breach—can ripple across entire regions.
The government’s funding package is a step in the right direction, and the new international network for hospital cybersecurity, anchored in Danish Life Science Cluster, signals growing recognition that resilience must be both technical and cooperative.
Still, the message from experts is unmistakable: hospitals are critical infrastructure. They can’t go dark, even for a moment. And in an era where physical, digital, and hybrid threats overlap, preparedness is no longer a department—it’s a mindset.
Bottom line: Denmark isn’t alone in facing these risks, but it has the chance to lead the Nordics in how it responds. That means moving from plans on paper to readiness in practice—before the next outage, or the next breach, makes the point for us.
The Nordic Business Journal provides independent economic and business analysis across the Nordic region. For daily updates and in-depth reports, visit nordicbusinessjournal.com.