Cyber Incident Victim: Tunstall Nederland
Date:
Oct 2023
Location:
Netherlands
Summary
A cyberattack targeted Tunstall Nederland, disrupting emergency alert systems and preventing notifications from reaching the company's control room. The incident impacted approximately 3,000 users in Limburg—primarily elderly and seriously ill individuals relying on personal alarms for emergencies—though national scope remained unclear. Critical services were restored progressively, with full functionality achieved following engagement with a cybersecurity firm. Investigations confirmed unauthorized data access occurred, though no evidence indicated public exposure of information. Authorities and partners were notified, while affected parties were directed to dedicated support channels for updates and assistance as recovery efforts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around October 29, 2023, Tunstall Nederland, the Dutch subsidiary of a Swedish healthcare automation provider, experienced a cyberattack that disrupted its critical emergency response systems. The attack compromised the functionality of personal alarm buttons used primarily by elderly and medically vulnerable individuals living independently, preventing emergency notifications from reaching Tunstall’s control room starting Sunday evening. Initial reports from welfare organization Envida indicated approximately 3,000 users in Limburg were affected, though the national scope remained unclear. These users, including individuals at high risk of falls or medical emergencies, lost access to the vital alert system. Tunstall Nederland, headquartered in Barendrecht, engaged a specialized cybersecurity firm immediately after detecting the incident to investigate the attack and initiate recovery efforts. By November 1, the company reported partial progress in restoring operations but provided no specific timeline for full resolution. Regional broadcaster L1 highlighted concerns over the societal impact, particularly given the reliance of vulnerable populations on uninterrupted service.
Tunstall’s recovery efforts progressed incrementally, with core services largely restored by November 13, 2023, and full operational status achieved by November 15. The cybersecurity investigation confirmed unauthorized access to company data, though the extent of data exfiltration or viewing remained undetermined. No evidence indicated public exposure of compromised data as of the November 16 update. Tunstall notified relevant authorities and partner organizations about the breach, emphasizing transparency despite unresolved aspects of the intrusion. The company established a dedicated email ([email protected]) and a Q&A page to address stakeholder inquiries while recovery continued. Service restoration alleviated the immediate risk to users dependent on emergency alerts, but the potential long-term implications of data access persisted as an unresolved concern. Tunstall committed to ongoing investigation and pledged to update affected parties should new findings emerge.