Information about Cyber Secruity
Information for our patients and customers about an ongoing data incident
Ottobock SE & Co. KGaA and some of our subsidiaries fell victim to a cyber attack in the summer of 2022. We now know that data was taken from our servers during the attack. What this means is that although this data was breached, it remains on our servers and was not encrypted. We currently have no reason to believe that patient data was affected by the incident. However, we cannot rule out the possibility that some of the data that was taken belonged to our customers.
As a precautionary measure, we are writing to all patients and customers to inform them about the incident.
Information about patient data
Multiple servers were accessed during the cyber attack. The servers affected by the cyber incident are not primarily used to store patient data. Therefore, we do not believe that patient data has been affected. However, we cannot rule out the possibility that patient data, including data concerning health, was stored on these servers and therefore might have been breached.
As we consider the risk that the affected data also included patient data to be low, we are currently working on the basis that the data incident will not have any consequences for our patients (such as misuse of their data). Therefore, in our view, no direct action on your part is necessary. However, if you receive a message from us in the near future that seems unusual, please contact us at email@example.com.
Information about customer data
Customer data was stored on the servers affected by the cyber attack. Therefore, we cannot rule out the possibility that data belonging to our customers, including personal data, was affected by the incident. Should this be the case, there is a particular risk of this data being used fraudulently. Customers might be contacted to pay supposedly outstanding invoices. In view of this, we would ask you to be particularly careful. Please contact us if you receive any unusual messages from us in the near future. In this context, we would like to reassure you that only a customer’s in-house point of contact known personally to them can make changes to bank details. If you are in any doubt, please contact this person.
Cooperation with the authorities
The investigating authorities and the responsible data protection authority have been made aware of the cyber attack. We are in contact with these authorities. Forensic investigations are ongoing and we are continuing our efforts to fully understand how and why this incident happened. In addition to carrying out extensive internal investigations, we have commissioned an external service provider to search the Internet for data belonging to our group of undertakings that might have been published online or made accessible via other means. So far, no evidence of this data being offered “for sale” has been found.
If you have any questions about the cyber attack, please do not hesitate to contact us at any time at by sending an e-mail to firstname.lastname@example.org.
Many thanks for your understanding and cooperation.