IT Giant Bitmarck Suffers Crippling Cyberattack

Wednesday, 3 May 2023
bitmarck.jpg

German IT giant Bitmarck has been forced to shut down entire data centres following a crippling cyberattack, causing headaches for the German health insurance sector. Affected Bitmarck customers include SBK, one of Germany’s largest health insurers, which has seen its phone, email, and application services brought completely offline.

The service provider released a statement on April 30 via its temporary website that attempted to explain the situation. "The security of customer, insured and patient data had and still has the highest priority both when defending against the attack and when putting our systems back into operation," the statement reads. Bitmarck additionally attempted to reassure concerned customers, stating their health information has "special protection" under Germany's Gematik healthcare data regulations.

"It should be noted that the systems can be put back into operation at different speeds depending on the customer situation," the alert continues. "Services that are already available or will be available shortly include, in particular, the digital processing of electronic certificates of incapacity for work (eAU) and access to the electronic patient file (ePA)". Other key services, including the health insurance companies' central processing services "will be available again shortly."

Although the Bitmarck IT and security teams are "working to restore the systems as quickly as possible," the company warns that "it may be a while before its managed services are performing at pre-cyberattack levels." It notes that "there will continue to be considerable restrictions in day-to-day business for the foreseeable future."

A spokesperson for Bitmarck was approached for comment, yet chose not to answer questions pertaining to how the intruders were able to break into the network, nor questions regarding exactly what data was exfiltrated. Bitmarck is reportedly "working closely with its customers, the Federal Ministry of Health, associations, Gematik and other players in the healthcare market to process the incident."

Daniel Selig, a security automation architect at Swimlane Inc. warns that data may indeed have been taken. "Although the company stresses that there are currently no signs of data theft, it is common for a data breach to be confirmed weeks or even months after the initial attack. In the event of a cyberattack, the recovery process can be lengthy, and there may be penalties for failing to identify and report unauthorized access".

Enjoyed this article? Please consider donating!
Donate
* Alpha Safe journalism is funded exclusively by your donations. We care about your online safety, so we will never display ads, as they could serve you malicious content. We also believe journalism should be available for all, and will never hide our articles behind a paywall. As such, your donation would be very much appreciated.

Most Recent

31 July 2023

Hell Pizza Suffers Credential Stuffing Attack

14 July 2023

Wellington City Council Data Breach

8 July 2023

Event Secretary Data Breach

2 July 2023

TSMC Data Breach; Hackers Demand $70m Ransom

27 June 2023

Suncor Energy hit by Giant Cyberattack

21 June 2023

Kiwis Losing $2M Every Month To Cybercriminals

18 June 2023

Eftpos Provider Smartpay Suffers Ransomware Attack

17 June 2023

Colossal Louisiana Driver Licencing Data Breach

14 June 2023

Russian Hackers Breach Ulez Database

9 June 2023

Thousands of Companies' Data Stolen Through MOVEit Flaw