Demant, the manufacturer of Oticon hearing aids, has said that it expects losses of up to 650 million kroner (approximately $95 million) following a cyber attack earlier this month.
The company’s servers suffered what it described as a “critical incident” on September 3, disrupting the production and distribution of its products.
Details remain sketchy, but the fact that the company shut down IT systems across multiple sites and business units around the world – and that they claim this helped contained the problem – suggest that the firm’s systems were infected by malware, potentially ransomware.
Demant Group experienced a critical incident on our internal IT infrastructure on 3 September 2019. The Group’s IT infrastructure was hit by cybercrime. Our quick response to the issue by shutting down IT systems across multiple sites around and business units, contained and limited the issue.
Our gradual and extensive recovery is running according to plans and prioritisations, and the organisation is working intensely with progress in a structured and thorough manner. We are continuously getting parts of the IT infrastructure up and running; we do, however, continue to have core IT systems closed in order to recover safely.
We do not have any indications that any personal data has been accessed or extracted from our systems as part of this incident and potential damage still appears to be contained. We continue to investigate this matter and will notify any issues to relevant authorities as required.
In a new press release issued today, Demant has shared more details of the operational and financial impact of the attack.
The company says that despite taking steps to mitigate the impact of the malware attack, business processes including R&D, production and distribution were affected by the incident.
Fortunately, backups of data were left “overall intact” and allowed the IT team to “recover in a structured and efficient way.”
The company says it operations have returned to a “substantial number” of its sites, and it expects to have recovered remaining business-critical systems, applications and servers “within the next two to three weeks.”
Production lines in Poland and Mexico are claimed to be “quickly approaching full capacity,” but there is still more work to be done at production sites in Denmark and France.
However, Demant has felt it necessary to cut its profit outlook, and has for now suspended its share buyback scheme.
“Our current preliminary assessment indicates a total negative financial impact on EBIT in 2019 in the range of DKK 550-650 million, which includes the deduction of an expected insurance coverage of approx. DKK 100 million. This impact is predominately related to the estimated lost sales and weakening of growth momentum. Included in the financial impact, we expect to incur costs of DKK 50 million directly related to the incident.”
500 million Danish kroner is $95.2 million.
“The cybercrime has had a significant impact on our ability to generate the growth we expected for the second half-year, and even though our commercial operations are doing their utmost to make up for the impact of the incident, we are in a situation where we cannot execute on our ambitious commercial growth activities to the planned extent,” said Søren Nielsen, President & CEO of Demant. “We are working around the clock to return to our growth-oriented business focus, while minimising the impact on customers and users of our products.”
Reuters reports that shares in Demant have fallen 12% since the cyber attack was first reported on September 3, and fell almost 7% in early trading today.