Cyber Incident Victim: Medatixx
Date: Nov 2021
Location: Germany
Summary
A German medical software vendor experienced a ransomware attack disrupting its internal IT operations, prompting precautionary password resets for users of its practice management systems. While client systems reportedly remained unaffected, the company acknowledged potential unauthorized access to stored credentials and could not rule out data theft, leading to notifications to Germany's data protection authority. Operational recovery was partial, with only email and telephone systems restored initially, while investigations continued to assess potential impacts on patient, doctor, or client information. The incident occurred during a period of heightened strain on Germany's healthcare system amid a COVID-19 surge, with the vendor's software serving approximately a quarter of the country's medical centers.
Description
A ransomware attack targeted Medatixx, a German medical software vendor serving over 21,000 healthcare institutions, in late October or early November 2021. The incident severely disrupted the company’s internal IT systems, forcing operational impairments across its infrastructure. Medatixx confirmed the attack did not directly compromise client practice management systems (PVS) but acknowledged uncertainty regarding potential data theft. The company could not rule out that threat actors accessed customer passwords stored within its systems during the breach. As a precautionary measure, Medatixx advised all users of its software products—including easymed, medatixx, x.comfort, x.concept, x.isynet, and x.vianova—to immediately reset application passwords, Windows workstation/server logon credentials, and TI connector passwords.

By November 9, 2021, Medatixx had partially restored email and central telephone services but remained unable to estimate a full recovery timeline. Regional sales partners and customer support channels remained operational throughout the incident. The company formally notified Germany’s data protection authority of the breach, pending further investigation to determine if attackers exfiltrated client, doctor, or patient data. Industry analysts noted Medatixx software’s widespread adoption across approximately 25% of German medical centers, suggesting the incident could represent the largest cyberattack to date on the country’s healthcare infrastructure. Unconfirmed reports speculated attackers might have harvested remote maintenance system credentials. The breach occurred during a surge in Germany’s COVID-19 caseload, amplifying operational pressures on healthcare providers reliant on Medatixx systems.
