AMEOS Healthcare Network Confirms Cyberattack, Patient and Employee Data Potentially Exposed

AMEOS Group, a leading healthcare provider in Central Europe, has confirmed a data breach affecting patients, employees, and partners. Investigation and containment measures are ongoing.

    A major healthcare network in Central Europe, AMEOS Group, has disclosed a significant cybersecurity incident that may have compromised sensitive data belonging to patients, employees, and business partners. The Zurich-headquartered organization published a breach notification on its official website in line with Article 34 of the EU’s General Data Protection Regulation (GDPR), which mandates transparency in such incidents.

    The breach impacts AMEOS facilities across Germany, Austria, and Switzerland, and raises serious concerns about the growing threat of cyberattacks on healthcare infrastructure. The group operates over 100 medical facilities with 18,000 staff and more than 10,000 patient beds, generating over $1.4 billion in annual revenue. This scale makes it one of the largest private healthcare providers in the DACH region.

    “Data belonging to patients, employees, and partners—as well as contact information relating to you or your company—may have been affected due to unauthorized access,” the company stated.

    According to AMEOS, threat actors were able to gain access to internal IT systems despite “extensive security measures.” While the organization did not confirm whether the attackers deployed ransomware or encrypted data, it acknowledged that some personal data may have been accessed.

    “It cannot be ruled out that this data may be misused on the internet to the detriment of those affected or made accessible to third parties.”

    As a precaution, the company has taken all systems offline and severed both internal and external network connections. It has also brought in external cybersecurity and forensic experts to support the investigation and recovery efforts. Data protection authorities in all three countries have been notified, and a formal criminal complaint has been filed with law enforcement.

    The company has advised individuals associated with its network—including former patients and employees—to stay alert for phishing attempts and other scams. As of now, there is no evidence that any of the stolen data has been leaked online or offered for sale.

    “Currently, we have no specific evidence of an actual leak of your individual personal data,” AMEOS clarified.
    “You will be informed immediately upon completion of the ongoing review and investigation measures via this page.”

    The incident remains under active investigation. No known ransomware group has taken responsibility, and the nature of the attack—whether it involved data encryption or solely data exfiltration—remains unclear. AMEOS has not commented on whether a ransom demand was made or if negotiations with any threat actors are underway.

    The breach highlights the ongoing cybersecurity risks facing large healthcare systems in Europe and the need for robust defenses to protect sensitive health data from unauthorized access.
