IANAL, and can't profess to any knowledge whatsoever of Danish law, but opening a package clearly addressed to someone else without permission may be reasonable grounds for litigation.
Though to the question "what good will that do", you're right, it's not like new health records can be issued.
Depending on the details of what was shared and what ties them to an individual though, I suppose it might be possible to issue new IDs.
So? An unencrypted CD was accessible for a time period to a third party. It's good security practice to consider the data to be compromised. Especially a powerful, malicious actor will put in effort to make it appear that this is not the case.
If anything, this requires a severe audit of the security practices of the affected organisations. Moreover, I think citizens of Denmark are entitled to know what information about their personal health records is leaked.