Cyber Incident Victim: St. Elisabeth-Stiftung
Date:
Mar 2024
Location:
Germany
Summary
The St. Elisabeth-Stiftung experienced a cyberattack, prompting immediate containment measures including disconnecting its network from the internet upon detection by security systems. Internal operations and communication remain functional across facilities, with care services uninterrupted. An external IT provider is assisting in analyzing the incident and strengthening system security to mitigate risks. While no operational damage or confirmed data theft has been identified thus far, the full scope and potential impacts remain under investigation as recovery efforts focus on restoring system integrity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The St. Elisabeth-Stiftung, a foundation based in Bad Waldsee, Germany, became the confirmed target of a cyberattack in early April 2024. The organization detected the intrusion through its security systems, which triggered an immediate response. Simon Eitel, Head of Communications for the foundation, publicly confirmed the incident on April 1, 2024, stating that necessary containment measures were initiated upon discovery. As a precautionary step to prevent further unauthorized access, the foundation disconnected its entire network from the internet. Internal network operations, including communication systems and processes within the foundation’s facilities, remained functional and stable despite the disconnection from external networks. The foundation engaged an external IT service provider to assist in analyzing the attack’s origin, methods, and potential entry points. Eitel emphasized that care services—including patient support and nursing operations across the foundation’s facilities—continued without disruption, ensuring no immediate impact on critical care delivery.
The full scope and severity of the cyberattack remained under active investigation as of the April 1 announcements. Forensic analysis conducted jointly by the foundation’s IT team and the external provider had not yet identified evidence of data exfiltration, system damage, or operational compromise. Eitel explicitly stated that no conclusions could be drawn about potential impacts until the investigation concluded, though preliminary findings indicated no detectable data theft or infrastructure damage. Security enhancements and vulnerability mitigation efforts were ongoing, focusing on restoring full system integrity and eliminating residual risks. The foundation maintained its offline network isolation as a temporary safeguard while continuing internal operations. No timeline was provided for restoring external connectivity or concluding the investigation, though Eitel reiterated the foundation’s prioritization of system security and operational continuity throughout the response.