SeneCura: leading provider of nursing and healthcare services in the private sector

An IKARUS/Mandiant success story.

SeneCura is one of the market and innovation leaders in inpatient care. The SeneCura Group operates 90 health and care facilities in Austria with around 7,300 beds and care places. In addition to inpatient care, it offers home nursing care and assisted living in SeneCura BePartments. Many of these facilities have integrated kindergartens in the sense of generation houses. Since 2021, the EMG Academy in Graz, a specialist academy for health, nursing and social care, has also been part of the SeneCura Group.

In the health segment, the portfolio of the SeneCura Group includes OptimaMed facilities with outpatient and inpatient rehabilitation centres, health resorts with offers for Gesundheitsvorsorge Aktiv (GVA) and cure, therapy centres and a dialysis centre. Care facilities in Slovenia, the Czech Republic and Croatia as well as a dialysis facility in Slovenia complete the offer.

Since 2015, SeneCura has been part of the French ORPEA Group, which is one of the leading international providers with care and healthcare facilities in 22 countries. SeneCura is responsible for the Central and Eastern Europe region as a competence centre.

24/7 operation and high availability as the main IT challenge

A relatively small team of six internal IT employees for Austria and the cluster cares for about 5,000 clients. Additionally, there are seven internal IT employees for Switzerland.

Heinz-Jürgen Köberl, Head of IT Cluster CEE

Heinz-Jürgen Köberl, Head of IT Cluster CEE (© SeneCura/OptimaMed/Senevita)

“The challenges for the IT infrastructure are complex because round-the-clock operation is necessary in care. Also the requirements for availability are high,” says Heinz-Jürgen Köberl, Head of IT CEE Cluster, summing up the responsibilities of his department.

External service providers are used for support, especially in the IT infrastructure area for provisioning and operating services. There are no IT staff on site in the individual buildings; ideally, the building services are IT-savvy and perform simple tasks such as changing keyboards themselves. All other tasks are carried out centrally. Great importance is attached to information security training for staff. Documents are made available centrally by ORPEA and quarterly mailings are sent out by Cluster IT on current topics such as phishing attempts.

IT security: patient data particularly worthy of protection

By its very nature, XY stores many sensitive personal data, such as health data of the people cared for. The IT end devices are mostly not visible via the internet. Targeted attacks are rather rare.

However, like other companies, they are exposed to attacks in the email sector, for example; this applies to spam as well as phishing attacks. The hackers are less interested in stealing data, but rather in opening a gateway for ransomware attacks. The aim is to encrypt data in order to launch blackmail attempts.

Successful cooperation with IKARUS and Mandiant in incidents response

Identifying attack activities and responding optimally to current and future threats are among the core competencies of information security today and are essential for maintaining business operations. The starting point for the search for a suitable incident response provider was an incident: e-mails from SeneCura to business partners had been intercepted. With Incident Response, the task was to find out when a breach had occurred and whether it still existed.

SeneCura requested two companies from Austria and one from France for support, including IKARUS together with the internationally renowned partner Mandiant. The quick response time to the request, an offer that was within the financial framework and the rapid availability of the experts tipped the scales in favour of commissioning IKARUS/Mandiant.

“Only ten days passed from the initial request to the start of activities. And already in Mandiant’s first interim report, the potential causes could be narrowed down considerably. The combination of software and experience of the experts in the targeted search for weak points has enthused us,” Heinz-Jürgen Köberl sums up the first experiences with IKARUS and Mandiant.

After a short time, it was already clear what the breach was and what size of damage could be assumed. Thanks to the knowledge and experience of the incident response experts, the targeted investigation of several terabytes of log data and the analysis of which mailboxes were affected could be completed quickly. “The effort on our side for the installation of the software, the provision of the log data and few short coordination meetings was low,” Heinz-Jürgen Köberl recalls.

Mandiant provided a comprehensive service and IKARUS mediated quickly and purposefully. Helpful was not only the professional English-speaking handling with Mandiant, but also the German support by IKARUS. 24/7 support by IKARUS for SeneCura’s IT security incident response management is planned for the future.

The triangle man – technology – process as a challenge in the future

The use of IT usually requires the interaction of the elements of people, technology and process. Each of these elements has other potential vulnerabilities. People are increasingly challenged.

“I see the increasing conflict between comfort and safety – people tend to prefer comfort. So we have to focus specifically on people’s risk awareness; that’s where I see the biggest risk,” is Heinz-Jürgen Köberl’s assessment of the situation.

In technology, the trend is to treat all possible contact points for threats. While in the past it was mainly the network that was secured, today and in the future more and more endpoints will be operated outside the network. Home office and mobile devices have established themselves for business work. Smartphones are increasingly becoming a point of entry; in addition to mobile device management, mobile threat detection is therefore also increasingly important.

In terms of process, the focus is on IT service continuity; this includes incident response, but also prepared emergency measures––and the ability to implement these measures.


SeneCura Kliniken- und Heimebetriebsgesellschaft m.b.H.

Health / care


IKARUS managed.defense
IKARUS 24/7 incident.response

Advantages with IKARUS 24/7 incident.response

  • Guaranteed access to the resources of IKARUS and Mandiant
  • 24/7 on-call service for immediate contact with security experts
  • Maximum 4 hours reaction time until the start of the investigations
  • Efficient processes due to proven 3-phase model
  • Minimised impact of damage
  • Optimised  cyber resilience
  • Full cost transparency

IKARUS 24/7 incident.response data sheet

Advantages with IKARUS managed.defense

  • Experienced teams of experts from IT-, OT- und IoT-security
  • Knowhow-transfer and support as required
  • Global und locale threat intelligence with local service and support
  • Seamless integration into existing IT and OT systems

IKARUS managed.defense data sheet


IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500


Support hotline:
+43 1 58995-400

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download