AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information.
The organization published a statement on its website, as required by Article 34 of the General Data Protection Regulation (GDPR), which mandates a public notice in the event of a data breach.
AMEOS is a Zurich-based healthcare provider that employs 18,000 staff in over 100 hospitals, clinics, rehabilitation centers, and nursing homes located across Switzerland, Germany, and Austria.
It is one of the largest private hospital groups in the broader DACH region, with over 10,000 beds and annual revenue exceeding $1.4 billion.
AMEOS informs that, despite the "extensive security measures" in place, external actors gained unauthorized access to its IT systems and accessed sensitive information.
"Data belonging to patients, employees, and partners—as well as contact information relating to you or your company—may have been affected due to unauthorized access," reads the announcement.
"It cannot be ruled out that this data may be misused on the internet to the detriment of those affected or made accessible to third parties."
In response, AMEOS has shut down all IT systems and terminated all external and internal network connections. Additionally, it reinforced existing measures and contracted external IT and forensic experts to aid with response efforts.
The data protection authorities in the countries have been informed accordingly, and a criminal complaint was filed with the police.
People who have received care at AMEOS facilities are advised to remain vigilant against phishing and scam attempts.
... continue reading