Health giant AMEOS shuts IT systems after mystery attack • The Register

The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after crims busted in.
The organization, which is Swiss-owned but runs medical treatment facilities across the continent, said that unknown miscreants have penetrated its IT systems and may have accessed patient health records, along with data on businesses that work with the healthcare provider.
“As part of the security incident, all internal and external network connections were disconnected and all systems were shut down in a controlled manner,” AMEOS wrote in a post on Wednesday. “IT and forensic service providers were immediately involved. Existing security measures were reviewed and immediately tightened.”
Following the EU’s strict GDPR data protection laws, the private equity-backed health group issued a warning about the incident to its 18,000+ staff and an estimated 500,000 patients and suppliers, but no more details were available, given the IT network shutdown. The business says telephone calls are still an option for getting in contact, but all of our calls to executives and to the main number went straight to voicemail.
“Data of patients, employees, and partners, as well as personal/company contact information, could be affected due to unauthorized access,” AMEOS warned. “It cannot be ruled out that this data could be used online to the detriment of the data subjects or made accessible to third parties.”
The business has called in forensic experts to examine what happened and whether this data has been exfiltrated. So far, the usual ransomware forums haven’t posted any alerts that AMEOS data is available, but the organization has warned customers to be on their guard.
“Attackers could, for example, use the data they may have obtained from you, such as email addresses, to entangle you in scams, which is why you should be on the lookout for unauthorized, excessive, and dubious-looking advertisements or job offers in your inbox,” AMEOS said.
It’s possible that the incident is linked to the Microsoft SharePoint attacks by criminals using dual vulnerabilities disclosed last week. Over 400 organizations, including the US National Nuclear Security Administration and others, have been hit by attacks that appear to have only damaged on-prem systems, while Redmond’s cloud services seem immune.
But, when it comes to targets, healthcare is high on the list, as we’ve seen in the past, even to the point of stopping cancer treatments in exchange for ransoms, contributing to the deaths of some patients.
During the COVID lockdown, the operators of the DoppelPaymer and Maze malware families claimed that they would exclude medical facilities from their attacks – promises that were broken within days.
The fact of the matter is that healthcare is a prime target for such attacks because when life or death is on the line, businesses often have no choice but to do everything possible to fix their systems. Including paying up. ®