Recently, the IT service provider Medatixx was the victim of a cyber attack. The company says it has a market share of over 28 percent with its software products for medical practices, outpatient clinics and physician networks.
The attackers gained access to the IT service provider Medatixx and used encryption software to encrypt Medatixx data (for later blackmail). This Procedure becomes more and more frequent. Even if it is assumed that the target of the attack was the IT systems of Medatixx and not those of the customers, it cannot be ruled out that customer data and access to customer systems (which an IT service provider usually has and is therefore a very lucrative target) were also tapped. The affected medical practices are advised to change all passwords (this is already a clear sign that access to customer systems and/or customer data is affected).
Manufacturer of software for medical practices
The IT service provider produces software for medical practices, outpatient clinics and physician networks. The software products are used nationwide. According to its own statement, around 40,000 doctors are customers.
Most software is used to manage patient data and automatically access the telematics infrastructure (TI). Thus, it is also about interfaces that affect the processing of all relevant and protectable patient data.
Target of the attack
The exact target of the attack and the vector of entry are not publicly known, according to current information.
Mostly, attackers extract data + encrypt it at the victim's site to extort money. In order to extort money several times, attackers create additional access points (e.g. reverse shells and Backdoors) in IT systems of the victim to repeat the extortion over and over again.
It cannot be ruled out that data was extracted during the attack in order to later carry out further blackmail, e.g. threats to publish sensitive data and attacks by evaluating captured access data.
Thus, it cannot be ruled out that not only personal data, but even special category data are involved (health data).
Consequences of the cyber attack not only for medical practices
At the moment, the corresponding practice management systems can still be used without restriction, so that operations can continue at the affected medical practices.
The IT service provider Medatixx has already addressed all customers with a notice requesting them to change all passwords. This refers in particular to the passwords for the practice software, the Windows logon of workstations and servers, and those of the respective TI connector.
It seems particularly explosive that the TI connector represents an access point for secure exchange with health insurance companies and other healthcare institutions. It is therefore central to the digital patient file. If the attacker has stolen passwords for this, the cyber attack could pose a non-negligible threat to the nationwide healthcare system.
Measures in the event of a cyber attack
The IT service provider must address all customers quite transparently and disclose the extent of the attack so that customers can initiate countermeasures (change passwords). To support customers in this challenging situation, the company has also provided brief instructions on its website on how to do this.
In addition, Medatixx is working with the support of IT specialists to evaluate the attack in order to be able to determine the specific threat and to work on an appropriate solution to the problem. In accordance with regulations, the responsible data protection authority and the investigating authorities were also informed and called upon to assist.
If you would like advice on how to proceed in such a case or on preventive measures, our experts will be happy to assist you.