Cyber Incident Victim: Medizinischer Dienst Niedersachsen

The Medizinischer Dienst Niedersachsen (MD Niedersachsen) was the target of an attack on its computer systems. This incident occurred on or around June 10, 2023. In direct response to the security event, the organization proactively shut down its primary communication channels as a precautionary safety measure. This decisive containment action resulted in a complete loss of external communication capabilities for the organization. From June 10, 2023, until June 26, 2023, the MD Niedersachsen was unreachable by telephone, email, or fax. This extended outage prevented patients, their relatives, and partner organizations from making any contact with the service provider for over two weeks.

The impact on the core service of conducting medical assessments was severe and immediate. Scheduled assessments were canceled and did not take place as a direct consequence of the IT security incident. The organization publicly apologized for these cancellations and the resulting inconvenience, acknowledging the disruption to those awaiting vital services. The operational paralysis extended to the processing of new assignments. Any orders sent to the MD Niedersachsen by health and long-term care insurance companies between June 9, 2023, and June 24, 2023, at 14:01 did not reach the organization and were effectively lost, requiring them to be resent once operations resumed.

Internal systems and procedures were also significantly affected. The DTA procedure, a data transfer mechanism used for communicating with partner insurance companies, was taken offline and rendered inoperable. The attack crippled the organization's entire IT infrastructure, forcing a complete cessation of normal business operations. The specific nature of the attacker's actions, such as the initial attack vector or whether data was accessed or exfiltrated, was not publicly disclosed by the organization in the provided information.

By June 26, 2023, the MD Niedersachsen had progressed in its recovery efforts to the point where it could restore public access. On that date, the organization announced that its regular communication channels were once again available. This included the restoration of email, fax, and the contact forms on its official website. The dedicated service hotlines also resumed operation during their standard hours: Monday to Thursday from 8:00 AM to 4:00 PM, and Fridays from 8:00 AM to 2:30 PM. The organization cautioned that due to a significantly high volume of accumulated inquiries, callers should expect and prepare for longer than usual waiting times when attempting to contact the hotlines.

The recovery process involved meticulous work to restore systems and re-establish data flows. The DTA procedure for communication with insurance funds was successfully restored and began running again, marking a critical step in resuming normal business-to-business operations. A specific system-side function was implemented to automatically identify and remove any duplicate orders that were resent by insurance companies, ensuring data integrity as the backlog was processed. To manage the substantial backlog of canceled assessments and new orders, the MD Niedersachsen implemented modified procedures. In an effort to ensure the fastest possible processing and issuance of decisions by the insurance funds, the organization announced that assessment appointments would only be announced via postal mail. This change in procedure was coupled with a specific request that the public understand that the service could not assign any assessment appointments by telephone due to the overwhelming volume of work and the continued focus on recovery efforts. The public statement confirming the restoration of services and outlining these new temporary procedures was issued on June 27, 2023, providing a clear status update to all affected parties.