On August 27, 2024, the Klinik am Kurpark in Reinhardshausen became the target of a serious cyberattack, which disrupted its central IT systems. The clinic’s management immediately responded by isolating the affected systems and ensuring they were checked and secured. Along with securing the IT infrastructure, the clinic involved various authorities, including the police, the State Criminal Police Office, the public prosecutor’s office, and the Hessian data protection supervisory authority. Additionally, a team of external IT security specialists was brought in to investigate and address the breach.
The cyberattack, attributed to criminal actors, likely compromised sensitive personal data of patients, employees, and business partners. The attackers encrypted data in the clinic’s systems but had already gained access to personal information before doing so. While the clinic’s management confirmed the breach affected personal data, the full extent of the compromised information is still being assessed. The clinic is cooperating with the authorities and experts to identify what specific data was exposed.
Despite the breach, the clinic has reported that its general operations, including patient admissions, remain largely unaffected. While some services, such as the patient app, are currently unavailable, the clinic has switched to analog processes to continue providing care. The clinic’s management has stressed the importance of transparent communication with affected individuals and is actively working to mitigate the impact of the attack on both operations and personal data.
The clinic has expressed its commitment to ensuring that patient and business partner data is protected and that the incident will be thoroughly investigated. With the support of external experts, Klinik am Kurpark is prioritizing the restoration of its IT systems and implementing additional security measures to prevent future breaches. The clinic’s swift response and continued efforts to secure its systems highlight the seriousness with which it is addressing this cyberattack.
Reference:
