Cyber Incident Victim: Otto Group Telemedicine
Date: Aug 2023
Location: Switzerland
Summary
A cyberattack targeting Otto Group Telemedicine's Medgate disrupted medical services, rendering physicians unreachable via phone or app and causing patient appointment cancellations. The attackers made two separate intrusion attempts against portions of the IT infrastructure, which were detected and countered through security measures including isolating compromised systems and initiating forensic analysis. While no patient data or sensitive corporate information was confirmed stolen, the defensive shutdowns caused extended service outages, initially increasing call wait times before culminating in complete unavailability. The organization maintained contact with relevant authorities throughout the incident and prioritized protecting patient data integrity during recovery operations.
Description
On August 30, 2023, Medgate, a Swiss telemedicine provider owned by Germany's Otto Group, detected an initial cyberattack targeting portions of its IT infrastructure. The company's security systems identified and repelled this intrusion attempt. This incident caused initial service disruptions, manifesting as extended telephone wait times and app outages starting August 31, though core medical operations continued. A second attack occurred on September 4, prompting Medgate to fully isolate compromised systems by shutting down affected infrastructure segments. This defensive action resulted in complete service interruption, rendering Medgate unreachable via telephone, mobile app, or digital platforms for all patients. Approximately 120 physicians with Swiss medical licenses lost system access, forcing appointment cancellations and preventing issuance of medical certificates or prescriptions. The attacks impacted Medgate's operations during a period of significant growth, following 280,000 patient consultations in Q1 2023 representing 20% year-over-year expansion.

Medgate immediately implemented containment protocols, including forensic isolation of breached systems and engagement with relevant authorities. The company confirmed no evidence of data exfiltration involving patient records or sensitive corporate information, nor any system encryption by attackers. Ongoing digital forensic analysis required extended infrastructure downtime to eliminate residual threats, prolonging service disruptions indefinitely. Medgate maintained public communications through press releases, apologizing for service interruptions while emphasizing data protection as its highest priority. The incident affected Medgate's entire service ecosystem, including its teleclinic platform, partner network clinics, and medication delivery services. Medgate is Europe's largest telemedical physician center, with 300 Swiss employees and 680 total staff across subsidiaries in Germany, the Philippines, and BetterDoc, so the outage disrupted healthcare access for a substantial patient base. Medgate committed to providing further updates as forensic investigations progressed, though restoration timelines remained unspecified at the time of reporting.
