Cyber Incident Victim: AMEOS Gruppe
Date: Jul 2022
Location: Germany
Summary
A healthcare provider experienced a cybersecurity incident triggered by a surge in phishing emails detected by its IT security systems. Immediate measures included disconnecting internet access and external email communications to contain potential malware spread. Forensic analysis confirmed no ransomware involvement. The organization's IT and data protection task force maintained uninterrupted internal hospital communications while implementing a parallel secure system for external data transfers, such as medical results. The incident was reported to Bavarian data protection authorities, reflecting the institution's prioritization of patient and data security. Normal IT operations were projected to resume fully within several days following containment protocols.
Description
On July 25, 2022, AMEOS Klinikum St. Elisabeth in Neuburg disconnected its internet connection and halted external email communications as a precautionary security measure. This action followed alerts from the AMEOS Group’s IT security systems indicating a surge in phishing email activity targeting the facility. The organization implemented immediate containment protocols to prevent the dissemination of infected emails or unauthorized malicious software installations across its network. Forensic investigations conducted afterward confirmed the incident did not involve ransomware deployment or encryption of systems. AMEOS prioritized maintaining uninterrupted internal hospital communications between departments and staff throughout the disruption, ensuring core clinical operations continued without degradation in patient care services.

A dedicated task force comprising IT specialists and data protection experts from the AMEOS Group activated promptly to manage the incident. The team established a parallel communication system to facilitate secure external data transfers, including critical medical documents such as diagnostic findings, while primary email services remained offline. Rudolf Schnauhuber, AMEOS Süd’s regional managing director, publicly acknowledged staff and technical teams for sustaining professional patient care standards during the disruption. AMEOS formally reported the incident to the Bavarian State Office for Data Protection Supervision, reflecting its compliance with regulatory obligations and emphasis on data security. The hospital maintained public accessibility via its published phone number during the outage. Full restoration of IT systems occurred as planned on the morning of July 29, 2022, concluding the operational contingency phase without evidence of data exfiltration or prolonged clinical impact.
