The IT service provider Bitmarck, which is responsible for the IT of several statutory health insurers, has been hacked – for the second time this year. Operations at the health insurers are restricted, and data is potentially at risk.
Second attack in the current year
Earlier this year, Bitmarck fell victim to a cyberattack. According to the computer magazine c’t, a data set comprising 130 MBytes was stolen in that attack and then published in forums. It includes names, dates of birth, insurance numbers and hashed passwords of insured persons. Bitmarck stated at the time that no data had been leaked, which is demonstrably false.
Now the company has been hacked again, as a notice on the IT service provider’s website reports. As a result, numerous systems that are important for the health insurers’ IT were taken offline. The use of the electronic patient file and the delivery of digital certificates of incapacity to work are currently not possible. Checks of co-payment exemptions are also temporarily not possible. In the same notice, the company writes that no data has been leaked: “As things stand, no data of customers or insured persons has been affected. Nor, according to current knowledge, was there an outflow of other data.” However, given the misinformation after the previous attack, this statement should be treated with extreme caution.
Lack of security at Bitmarck and health insurers?
The fact that this is already the second successful attack in the current year raises the question of the state of IT security at Bitmarck, and thus at the health insurance companies that rely on this IT service provider. In this context, it is also notable that the attackers were able to steal an employee’s access data during the last attack. With it, they were able to access e-mails, remote desktop applications and an instance of the Jira collaboration software. This access was ultimately used to tap into the personal data that was eventually found in an Internet forum. It is not known why this data was present in Jira or why two-factor authentication was not used.
It is not yet possible to predict how long the current attack will last, when the health insurers will be able to offer their services in full again, and what consequences can be expected.