Cyber Incident Victim: Maternus-Kliniken AG

On October 17, 2023, the executive board of Maternus-Kliniken AG discovered a cyberattack targeting the company’s IT infrastructure, which resulted in unauthorized data exfiltration. The incident’s full scope remained under investigation at the time of disclosure, with no immediate confirmation of the volume or sensitivity of compromised information. Forensic analysis had not identified any encryption of systems or data by the attackers as of the reporting date. Operational continuity was maintained without significant disruption across the organization’s facilities. The company activated its predefined emergency response plan immediately upon detecting the breach, implementing precautionary containment measures to mitigate potential escalation. A dedicated task force collaborated with external cybersecurity experts to investigate the attack’s origin, methods, and pathways while working to restore full system integrity.

Maternus-Kliniken AG acknowledged the possibility of financial repercussions from the incident, noting that previously forecasted economic performance might be affected, though no specific loss estimates or timeline for recovery were provided. The organization’s public disclosure adhered to regulatory obligations under Article 17 of the EU Market Abuse Regulation, with investor relations contact Mario Ruano-Wohlers designated as the responsible party for communications. No additional technical details regarding attack vectors, threat actor attribution, or specific compromised systems were disclosed in the initial announcement. The company maintained its Berlin headquarters operations throughout the response phase while continuing to assess the breach’s implications for data protection compliance and stakeholder obligations.