Skip to content

Search the site

Major German IT provider Bitmarck hacked, knocking health insurance offline for millions

IT provider serves 80 German health insurers

German IT provider Bitmarck said Sunday that it had been forced to pull entire data centres offline after a cyberattack, its second this year, with the incident to have significant impact on Germany’s healthcare system.

Bitmarck provides IT services for over 80 health insurance companies. Many have been left completely unable to contact Germany’s national hub of digital medical services, Gematik or lost all digital services.

The company did not specify the nature of the cyber incident, e.g. whether it had been hit by ransomware or pulled services offline before malicious payloads could be activated after detecting a successful intrusion.

Among those affected is SBK, one of Germany’s largest health insurers which has told its million-plus customers that its phone, email, and app have all been knocked offline as a result of the Bitmarck cyberattack.

Follow The Stack on LinkedIn

Bitmarck said that “there will continue to be considerable restrictions in day-to-day business for the foreseeable future.. in some cases entire Bitmarck data centers were taken offline, individual services may have to be shut down again and the restarting of individual services [may cause]  temporary service failures.”

It did say however that “according to current information, there has been no outflow of data, neither at Bitmarck nor at customers or insured persons… patient data was never endangered by the attack.”

The IT provider in January 2023 saw over 300,000 insurance policy holders’ data stolen from its internal systems, according to local site Heise, which said that attackers had gained access to Bitmarck’s Jira/Confluence environment –  and although the company had initially claimed that no policyholder data had been stolen, names, dates of birth, and insurance card identification numbers were all later found shared on the dark web.

Stephan Chenette, CTO at AttackIQ, a breach and attack simulation service provider, said: “Organizations must study the common tactics, techniques, and procedures used by common threat actors, which will help them build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors… with data generated from continuous testing, security teams can focus on achieving key security outcomes, adjust security controls, and work to elevate total security program effectiveness.”

See also: Rackspace blames Microsoft over ransomware attack