Bitmarck shuts down systems, services after cyberattack • The Register

IT giant Bitmarck shuts down customer, internal systems after cyberattack
6 comment bubble on white
Patient data 'was and is never endangered', says medical tech slinger
iconJessica Lyons Hardcastle
Mon 1 May 2023 // 18:55 UTC
German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack.

The company, one of the largest service providers for German health insurers, said no customer, patient, or insured individuals' data had been accessed in the security breach — at least not according to "the current state of knowledge," according to an April 30 update posted on its temporary website.

Patient data "was and is never endangered by the attack," the alert read, noting that this sensitive information is subject to "special protection" under Germany's Gematik healthcare data regulations.

"The security of customer, insured and patient data had and still has the highest priority both when defending against the attack and when putting our systems back into operation," Bitmarck assured customers.

Bitmarck sunk
The service provider doesn't yet have a timeline for when it expects to have all of its systems back up and running. "It should be noted that the systems can be put back into operation at different speeds depending on the customer situation," according to the alert.

"Services that are already available or will be available shortly include, in particular, the digital processing of electronic certificates of incapacity for work (eAU) and access to the electronic patient file (ePA)," it noted, adding that other key services, including monthly transmission of statistical data, the KIM digital communication service, and health insurance companies' central processing services "will be available again shortly."

Capita has 'evidence' customer data was stolen in digital burglary
That 3CX supply chain attack keeps getting worse: Other vendors hit
European air traffic control confirms website 'under attack' by pro-Russia hackers
Google sues CryptBot slingers, gets court order to shut down malware domains
Bitmarck said it's also looking into setting up a short-term IT environment to bring health insurers' central processes — such as payments — back online.

While its IT and security teams are "working to restore the systems as quickly as possible," it may be a while before its managed services are performing at pre-cyberattack levels," the company warned. According to the notice:

Even if BITMARCK is gradually providing services again for the first statutory health insurance companies and some statutory health insurance companies are hardly affected by the disruptions, there will continue to be considerable restrictions in day-to-day business for the foreseeable future. This is due to the fact that in some cases entire BITMARCK data centers were taken offline, individual services may have to be shut down again and the restarting of individual services is associated with renewed temporary service failures. In order to fully restore normal operation, emergency solutions must also be switched back to normal operation, which can lead to short-term service failures.

Bitmarck "cannot answer" the question of who attacked its network and how, and at press time did not respond to The Register's inquires about how the intruders broke in, and what data they accessed in the breach.

After the firm's early warning tool detected a breach of one of its internal systems, Bismarck said it "immediately" informed law enforcement and government regulators, and brought in external security experts.