Demant ransomware attack
A ransomware-style cyber incident forced Danish hearing-aid giant Demant to shut down IT systems worldwide, crippling production and order processing and causing an estimated loss of up to $95 million — one of the costliest single ransomware events on record.
- Victim
- Demant
- Loss
- $95.0M
On 3 September 2019, Demant — the Danish multinational behind the Oticon hearing-aid brand and one of the world's largest hearing-healthcare companies — detected a "critical incident" on its servers and began an emergency shutdown of IT systems across sites and business units worldwide. The disruption that followed produced an estimated loss of up to $95 million, making it one of the most expensive single ransomware-class incidents ever publicly quantified.
What happened
Demant did not publish full technical details, but the response pattern — shutting down systems across multiple sites and business units around the globe — is the signature of a fast-spreading ransomware infection. Danish media reported the incident as ransomware, though Demant itself never formally confirmed the malware family or named an attacker.
The shutdown knocked out the systems that manufacture, distribute, and process orders for hearing aids and diagnostic equipment. With its ERP and production platforms offline, Demant could not take or fulfill orders normally for an extended period, hitting its core revenue stream at scale.
The financial impact
When Demant quantified the damage in November 2019, the numbers were striking:
- An estimated total impact of DKK 550–650 million, roughly $80–95 million.
- Around half of the loss stemmed from lost sales and the inability to process orders — not from the technical cleanup.
- The direct cost of recovering IT systems was comparatively small, around $7.3 million.
- Demant held a cyber-insurance policy that absorbed part of the loss; the company indicated the bill would have been roughly $14.6 million higher without it.
Why it matters
Demant became a textbook illustration that the dominant cost of ransomware is business interruption, not ransom or remediation. The company appears not to have paid a ransom, yet still absorbed up to $95 million in damage — overwhelmingly from lost sales while production stood still. The case also showcased the value of cyber insurance in cushioning catastrophic operational losses, and it underlined the fragility of globally integrated manufacturing, where a single intrusion can simultaneously freeze plants and order systems on multiple continents. For a healthcare manufacturer, the disruption also delayed delivery of medical devices to patients who depend on them.
Financial impact
Reported costs in USD
- Remediation$7.3M
Timeline
Demant detects a 'critical incident' on its servers and begins shutting down IT systems across multiple sites and business units worldwide.
Production and distribution of hearing aids are disrupted as order-processing, ERP, and manufacturing systems go offline.
Demant works to restore systems from backups; ransomware is reported by Danish media though not formally confirmed by the company.
Demant discloses an estimated financial impact of DKK 550–650 million (about $80–95 million), reduced by cyber insurance.
Sources
- grahamcluley.comhttps://grahamcluley.com/hearing-aid-manufacturer-hit-by-cyber-attack-slashes-profits-by-95-million/
- portswigger.nethttps://portswigger.net/daily-swig/danish-hearing-aid-firm-slashes-forecasts-after-breach
- scworld.comhttps://www.scworld.com/news/cyberattack-causes-95-million-loss-for-demant
- hearinghealthmatters.orghttps://hearinghealthmatters.org/hearing-news-watch/2019/demant-estimates-losses-related-to-cyber-attack-possibly-as-high-as-95m/
- spamtitan.comhttps://www.spamtitan.com/blog/cost-of-a-ransomware-attack-95-million-for-danish-firm-demant/