Cyber Incident Victim: Krankenhaus Agatharied
Date:
Jun 2024
Location:
Germany
Summary
A cyberattack significantly disrupted IT systems at Krankenhaus Agatharied, prompting the establishment of a crisis management team and coordination staff meeting three times daily to restore operations. Internal and external communications were severely restricted, forcing reliance on telephone contact only, with email services temporarily unavailable. Despite these disruptions, patient care remained unaffected due to implemented contingency plans, allowing all critical examinations and treatments to continue. Patients with upcoming appointments were instructed to confirm via phone, while suppliers and job applicants were similarly advised to use telephone communication. The hospital collaborated with IT specialists and authorities to resolve the incident but withheld further details for investigative reasons, emphasizing ongoing efforts to fully restore systems and secure data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 17, 2024, Krankenhaus Agatharied experienced severe IT disruptions later confirmed to result from a significant cyberattack. The incident first became apparent to patients during morning rounds when hospital staff encountered operational difficulties, though clinical care continued uninterrupted. Landrat Olaf von Löwis publicly disclosed the attack that evening during a CSU Kreisvertreterversammlung in Miesbach, characterizing it as a large-scale intrusion that had substantially disrupted operations. By midday on June 17, hospital administration had activated a crisis management team to coordinate the response. The attack primarily compromised internal and external communication systems, forcing temporary suspension of email services and creating accessibility challenges for data retrieval.
The hospital implemented contingency protocols to maintain critical operations, with staff adapting workflows to ensure uninterrupted patient care, including sustaining all essential diagnostic procedures. A dedicated coordination team convened three times daily with internal and external IT specialists to restore full system functionality while collaborating closely with law enforcement authorities. On June 18, the institution issued public guidance instructing patients with appointments within the following fortnight to proactively confirm via telephone, while directing suppliers and job applicants to similarly use phone-based communication exclusively. Hospital leadership emphasized their historical adherence to cybersecurity standards while acknowledging the sophistication of the breach. Operational impacts remained confined to communication systems, with no evidence of compromised patient safety or treatment interruptions. Investigation details remained undisclosed due to tactical considerations, though the hospital committed to providing further updates through its official website.