The IT service provider Bitmarck, which is managed with the exclusive participation of health insurance companies and associations, was the victim of a cyber attack. Bitmarck sells and develops software that is used by health insurance companies to manage the data of more than 25 million patients. According to Bitmarck, it has taken systems offline, including its regular website.
The disruption at Bitmarck is said to be so massive that the health insurance companies cannot use certain services. These problems will probably not be solved anytime soon. The IT service provider provides software services for over 80 health insurance companies and associations. It is, after all, a self-administered service provider: according to its imprint, the shareholders of BITMARCK Holding GmbH are, in addition to the BKK Dachverband e.V., the company health insurance companies, the guild health insurance companies, DAK-Gesundheit and other substitute health insurance companies.
No customer data leaked?
According to Bitmarck's website, the cyber attack was noticed early on and the systems were taken offline as a preventive measure. The responsible authorities were also informed of the incident. Initial analyses carried out with external experts have so far not identified any data leaks. However, Bitmarck announced almost the same information in January, when there was a first attack on Bitmarck. Later, a data set with 330,000 entries, said to come from Bitmarck servers, was offered for sale on the dark web.
Chain reaction with other health insurance companies
To call the attack merely a service disruption would be a gross understatement. According to various media, such as Spiegel, the customer app and the internal customer area on the DAK website are currently unusable or only partially usable. The Siemens company health insurance fund (SBK) was hit much worse. The Bitmarck attack caused all communication at SBK to fail. The SBK website states: “Important note: Failure of our IT systems. Due to the shutdown of our IT systems, we are currently not available by email, telephone and Meine SBK app.”
Sick leave partly on paper again
It is worth knowing that the service provider Bitmarck is also involved in the development of the ePA (the electronic patient record) and provides supporting services for it. Digital sick leave is also linked to this. As Spiegel reports, the service provided by the National Agency for Digital Medicine (Gematik) works, but the health insurance companies connected via Bitmarck only have disrupted access. Therefore, doctors currently have to reach for the yellow slip and fill it out again so that insured persons can submit a sick note. However, Der Spiegel also claims to have learned that the situation has eased again and that more systems are working.
First attack on Bitmarck in January 2023
Wikipedia has a few interesting entries under the term Bitmarck. The first attack on Bitmarck in January is described in detail there. The vulnerability at the time was stolen access data combined with the fact that two-factor authentication was not used. Further research by heise revealed that IT managers had used a single SSH key for full root access on over 1,000 servers. In addition, many short and identical passwords were found that also appear in widely circulated password lists. One can only hope that Bitmarck has acted better now.
Who is behind the cyber attack?
It is not yet clear who the attacker is. APT groups like to announce their successful attacks on their leak sites. However, the attack cannot be found there yet. Groups such as BianLian, LockBit, ALPHV, BlackCat and Karakurt are currently very active in this area. They were also probably responsible for recent cyber attacks, such as those on the IT service provider Materna or the subsidiaries of the arms manufacturer Rheinmetall.
More at Bitmarck.de