Sermo Reports Data Breach Following Ransomware Attack in Denmark
Sermo, a healthcare-focused platform, disclosed a data breach after a ransomware attack disrupted operations at its Denmark-based data center. The incident began on April 10, 2024, when a power outage was later identified as a ransomware event, prompting an internal investigation.
The company confirmed that an unauthorized third party may have accessed and exfiltrated sensitive personal data between March 19 and April 10, 2024. Exposed information includes names and Social Security numbers, though the exact details vary by individual.
On February 9, 2026, Sermo began notifying affected individuals via mail, providing specifics on the compromised data and offering complimentary credit monitoring services. The breach notice was filed with the Attorney General of Maine, where details of the incident are publicly available.
Source: https://straussborrelli.com/2026/02/10/sermo-data-breach-investigation/
Sermo cybersecurity rating report: https://www.rankiteo.com/company/worldone
"id": "WOR1770840127",
"linkid": "worldone",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Denmark',
'name': 'Sermo',
'type': 'Healthcare-focused platform'}],
'customer_advisories': 'Notified affected individuals via mail on February 9, '
'2026, with details on compromised data and credit '
'monitoring services',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': 'Personal data'},
'date_detected': '2024-04-10',
'date_publicly_disclosed': '2026-02-09',
'description': 'Sermo, a healthcare-focused platform, disclosed a data breach '
'after a ransomware attack disrupted operations at its '
'Denmark-based data center. The incident began on April 10, '
'2024, when a power outage was later identified as a '
'ransomware event, prompting an internal investigation. An '
'unauthorized third party may have accessed and exfiltrated '
'sensitive personal data between March 19 and April 10, 2024.',
'impact': {'data_compromised': 'Names and Social Security numbers',
'identity_theft_risk': 'High',
'operational_impact': 'Disrupted operations at Denmark-based data '
'center'},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Attorney General of Maine'}],
'regulatory_compliance': {'regulatory_notifications': 'Breach notice filed '
'with the Attorney '
'General of Maine'},
'response': {'communication_strategy': 'Notified affected individuals via '
'mail on February 9, 2026, providing '
'specifics on compromised data and '
'offering complimentary credit '
'monitoring services'},
'title': 'Sermo Data Breach Following Ransomware Attack',
'type': 'Ransomware'}