Cyber Incident Victim: Austrian Ministry of Health

On December 2, 2020, the Austrian Ministry of Health launched www.österreich-testet.at, a website enabling registration for COVID-19 mass testing in Vienna, with initial testing scheduled to begin at three locations on December 4. The site became operational at midnight but experienced widespread accessibility issues within hours. Users reported systemic failures by Wednesday morning, preventing access to registration services. Ministry officials attributed the disruption to a cyber attack, specifically noting that unidentified threat actors had attempted to overwhelm the system with a flood of requests. This volumetric attack method paralyzed the website’s functionality during a critical public health initiative. The incident occurred during the site’s initial operational phase, limiting service availability exclusively to Vienna residents at launch. No technical details regarding attack vectors, mitigation measures, or attacker origins were disclosed by authorities at this stage.

The cyber attack caused immediate operational disruption, halting public access to COVID-19 test registration during a high-demand period. Ministry spokeswoman confirmed the incident to Austrian newspaper KURIER but did not specify whether user data was compromised beyond acknowledging a concurrent "data breach." System paralysis persisted for an unspecified duration, directly impacting Vienna’s testing rollout timeline. Public reports indicated significant user frustration due to the abrupt service interruption. The ministry did not disclose remediation timelines, forensic findings, or whether law enforcement was engaged. Consequences included delayed public health preparedness and reputational damage to the digital infrastructure supporting pandemic response. The incident highlighted vulnerabilities in critical health service platforms during emergency deployments.