
German health IT vendor Bitmarck goes offline amid cyberattack


A cyberattack against Bitmarck forced the IT services vendor to take internal and customer systems offline as part of its security protocols as it works to identify and address the impact. Bitmarck is a major IT vendor for a number of German health insurers.

On May 1, Bitmarck announced its “early warning systems” detected an attack on its internal systems. The team conducted an impact analysis as it worked to bring systems back online “in accordance with a structured, security and priority-oriented process.”

“The systems can be put back into operation at different speeds depending on the customer situation,” officials said in a statement. Bitmarck’s previously established security guidelines dictate the method and speed of its shutdown, analysis and restart and were “agreed on by all parties.”

The measures were designed with the security of customer, member and patient data in mind. As such, the response team is prioritizing that data when bringing systems back online. Bitmarck said it is working with internal and external security specialists, as well as regulators and industry leaders to process the incident.

So far, the response team has been able to restore, or is ready to restore, the digital processing of electronic certificates of incapacity for work (eAU) and access to the electronic patient files. Following these services, Bitmarck plans to bring back internal health insurance services, including statistical data transmissions, specialist services and central insurance processing.

Bitmarck said it's working to determine if it can stand up an emergency operating environment for the short term to bring central processes for its health insurance companies back online, including payment transaction services.

While the team is working to restore the impacted systems as quickly as possible and slowly bringing back services for some insurers, officials expect “considerable restrictions in day-to-day business for the foreseeable future.”

The disruptions are caused by “the fact that in some cases, entire Bitmarck data centers were taken offline,” officials said. They may also need to shut down and restart individual services again, due to possible temporary service failures. 

“In order to fully restore normal operation, emergency solutions must also be switched back to normal operation, which can lead to short-term service failures,” officials said. These measures will be carefully performed to cause as little disruption as possible to essential services, and alternative procedures will be used whenever possible.

An investigation is ongoing, but officials have found no evidence of an “outflow of data” at Bitmarck, its customers or insurance members.

What’s more, the electronic health record and the patient data stored in the system “was never endangered by the attack” as the tech is “subject to special protection based on the Gematik regulations,” or the standards for telematics infrastructure as an “all-encompassing and secure data room.” 

“Of course, we take this attack as an opportunity to further improve our security protocols and to prevent similar attacks in the future,” officials stressed. Bitmarck said it was working with internal and external IT security experts to analyze, restart and reinstall its systems.

Second cyberattack to disrupt insurance plans this month

The Bitmarck attack marks the second to impact insurance companies within the last month. Point 32 Health, the parent company of Tufts Health Plan and Harvard Pilgrim Health Care, is still facing service disruptions more than two weeks after a ransomware attack struck systems used for supporting service members, accounts, brokers and providers.

Upon discovery, the response team “proactively” took the Harvard Pilgrim Health Care systems offline to reduce the spread. Law enforcement and regulators were also notified, as the team works with an outside cybersecurity firm on its recovery efforts and investigation.

Despite best efforts, the cyberattack has led to disruptions for providers and members, some of whom have reported issues with gaining prior authorizations for medical services. Officials say they’re “working around the clock to ensure Harvard Pilgrim Health Care members receive the services they need.”

The affected systems support Harvard Pilgrim Health Care’s commercial and Medicare Advantage Stride plans. Officials said systems tied to Tufts Health Plan, Tufts Medicare Preferred, Tufts Health Public Plans, and CarePartners of Connecticut were not impacted.

The investigation is ongoing and so far, Point 32 has not found evidence of patient data impacts. 

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
