BIG direct: Cyber attack paralyzes health insurance
The health insurance company “BIG direkt Gesund” had to shut down its systems after a suspected cyber attack and was unavailable to the insured for days. In the meantime, the first functions have been restored, a spokesman told heise online, and accessibility has also improved. Around 513,000 insured persons are affected.
While external signs suggest a cyber attack – possibly with ransomware – the health insurance company does not want to confirm this on request and speaks of “unauthorized access” to their systems. This was found on March 28th. As a result, all connections were immediately cut and the affected servers were shut down.
A spokesman for the health insurance company told heise online that there was no evidence that data had been leaked. BIG called in external IT experts and reported the incident to the investigating authorities and the responsible supervisory authorities.
The affected systems would now gradually be put back into operation, it said. The priority is the payment of benefits, which started again at the beginning of the week. Communication with the insured could also be resumed, but bottlenecks could still occur.
Attack on IT service providers with repercussions
According to BIG, there is no connection with the cyber attack on the IT service provider Materna, which was also discovered at the end of March. The Dortmund-based IT service provider Materna Information & Communications SE fell victim to a comprehensive “cyber attack at network level” on March 25 and had to shut down affected servers and services. According to information from heise online, this is an attack with ransomware, even if Materna has not yet confirmed this.
Cyber attacks on public institutions such as health insurance companies or central service providers such as Materna have a massive impact. More than half a million policyholders are affected by the BIG. The full extent of the attack on Materna cannot yet be foreseen, but individual system failures, for example in air traffic, can be traced back to the attack.
Check-in down in Hamburg and Berlin
Immediately after the attack, the self-check-in machines at Hamburg and Berlin-Brandenburg airports, which are operated by Materna, failed. The machines are now working again, and Easter travel is not affected, said a spokesman for the Berlin-Brandenburg airport company.
Lufthansa also had problems as a result of the attack on Materna. The check-in machines at Frankfurt Airport and online check-in were affected. The services were interrupted immediately after the attack became known and alternatives were created, said a Lufthansa spokesman. “At this time there is no indication that customer data was stolen or compromised in the attack.”
Hannover Transport Association also attacked
On Friday last week, the transport company of the Lower Saxony state capital Hanover (Üstra) got caught. The company had to stop selling the Deutschlandticket. Customer service is only available to a limited extent. All computer systems have been shut down. Üstra reported the incident to the police and called in external experts in addition to its own company IT, said a spokesman. Again, this is not confirmed to be a ransomware incident.
Today, Thursday, Üstra announced that the Deutschlandticket would be bookable for June 1, 2023. If you want to book it from May 1st, you can place the order in the “FahrPlaner app”. The order is possible until April 30th. This works thanks to a cooperation with the transport association Bremen/Lower Saxony. Incidentally, there could also be delays with the 365-euro ticket as a social and job ticket in the Hanover region.
Whether these various attacks are connected in any way cannot be said at the moment. The companies concerned do not provide any details, citing ongoing investigations. It is therefore not known whether and which ransomware was used.
The storage media manufacturer Western Digital recently reported an attack. A university hospital in Barcelona, Spain had to postpone surgeries as a result of a ransomware attack.
According to a survey by the security provider Nord Security, there were 2,263 ransomware attacks worldwide last year, 96 of them in Germany. Almost 2,000 companies worldwide were affected. However, it can be assumed that not all attacks will be known. Nord Security attributes these attacks to a total of twenty ransomware groups, with Lockbit being among the most active with a third of the attacks and Conti with a quarter.