Multiple German hospitals impacted in billing provider data breach

In yet another significant software supply chain attack, a string of German university hospitals have suffered breaches after hackers compromised a leading billing services provider whose services are used by numerous hospitals.

 

Hackers targeted leading German medical billing services provider Unimed on April 14, stealing vast amounts of patient data which Unimed processes on behalf of its clients, including universities and medical centres in Mannheim, Wurzberg, Freiburg, Berlin, Tubingen, Hamburg, Cologne, Mainz, Bonn, Augsberg, Regensburg, and more.

 

Unimed stated in a press release that the stolen data contained information about billing disputes raised by insured and self-paying patients at university hospitals and clinics that used its services. The billing services provider was able to repel further attacks before the hackers could encrypt its network.

 

"After becoming aware of the incident, Unimed proactively disconnected its data interfaces to its customers and reported the incident to the relevant authorities and the police," the company said. "Subsequently, Unimed kept both its customers and the authorities regularly informed of the latest secure status. Since the beginning of the incident, there has been close communication with all customers who had or have questions about it."

 

The company said that after repelling the cyber attack, it took steps to secure its IT systems and conducted a thorough analysis of the stolen data with help from external data forensics experts. The company quickly shared the results of the analysis with all affected university hospitals and clinics to help them conduct their own risk assessments as quickly as possible.

 

Unimed did not reveal how hackers gained access to its IT systems, but reassured clients and customers that its incident response protocols to secure its systems had been certified by IT forensic experts and all of its systems are now fully operational.

 

"For unimed, protecting the data of its employees, customers, and their patients is of utmost priority. Therefore, unimed will continuously adapt the security of its IT systems to the dynamically evolving security requirements, keeping pace with the latest technological advancements," it added.

 

The impact of the cyber attack on Unimed was extensive. Freiburg university hospital announced this week that the cyber attack had compromised the personal data of about 54,000 patients and the billing information of approximately 900 people, and University Hospital Cologne said that hackers had obtained names, addresses and treatment information of about 30,000 patients.

 

Heidelberg University Hospital, one of Germany’s largest medical centres which provides inpatient, day-care and outpatient treatment to about 2 million patients every year, Ulm University Hospital and Mannheim university hospital also disclosed the compromised of data of thousands of patients as a result of the cyber attack on Unimed.

 

University Hospital Cologne said in a press release that following the cyber attack, it has suspended all data transfers to Unimed until further notice, informed law enforcement agencies and filed a criminal complaint with the public prosecutor’s office. 

 

"Even though the experts involved from the service provider consider a publication of the stolen data unlikely, the University Hospital of Cologne will personally inform all affected individuals about the incident in the coming days," it added.