HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

AMEOS announces major European security breach

Written by Abby Grifno | Jul 26, 2025 11:41:17 PM

AMEOS, a major European healthcare network, recently disclosed a data incident. 

 

What happened

According to Bleeping Computer, the AMEOS Group announced a security breach that exposed customer, employee, and partner information to unauthorized users. 

Following the incident, AMEOS published a statement on its website, as required by the General Data Protection Regulation (GDPR). 

The notice stated that the breach resulted in all internal and external network connections being disconnected and shut down. For a short period of time, the group was only available via telephone. Systems have since been restored.

The organization stated, “Despite extensive security measures, we were unable to prevent an attack and, subsequently, a brief access to our IT systems. We deeply regret this.”

 

Going deeper

AMEOS stated that, following the discovery of the incident, the company immediately engaged IT and forensic service providers. The company also filed a criminal complaint and is conducting an investigation. It’s currently unclear how the attack began or if any ransom demands were made.

The company said it currently does not have concrete confirmation that data has been leaked, but is advising individuals to remain diligent in protecting their data. The company also encouraged individuals to be wary of dubious-looking advertisements or job offers in their inbox. 

 

Why it matters

The company currently has over 100 facilities at over 50 locations, employing over 18,000 people. The company serves approximately 500,000 individuals a year. It is a top healthcare provider in Austria, Germany, and Switzerland.

While it’s currently unclear how large the impact of the breach is, it’s possible the incident could affect millions. The United States was recently hit by the massive Change Healthcare data breach, further showing that large healthcare organizations are increasingly being targeted, often resulting in lengthy investigations and hefty fines.  

As the incident continues to unfold, we’ll likely learn more about the real impact of the breach and any lasting repercussions, such as class action lawsuits, updates to AMEOS’ cybersecurity systems, or any broader implications for the industry in Europe.  

 

FAQs

What is the GDPR? 

The General Data Protection Regulation (GDPR) is the European Union’s privacy and security law. It includes requirements for companies regarding consumer information and healthcare data. Although the GDPR is generally more stringent, it is comparable to the U.S. HIPAA regulation.

 

What does the AMEOS Group do?

AMEOS is a Swiss hospital group, running approximately 68 facilities involved in public healthcare. The company offers medical services, including psychiatric services, acute care, rehabilitation, and outpatient care.