Cyber Incident Victim: BIG

Date: Mar 2023

Location: Germany

Summary

A German health insurer, BIG direkt gesund, suffered an unauthorized access incident that compromised its IT systems and led to the exfiltration of sensitive health information. The breach was discovered after monitoring identified the appearance of some of the company's data on the Darknet. An ongoing forensic analysis is determining the full scope of data affected, and the insurer has stated it will notify individuals if their information is found among the published data. The company is collaborating with external IT security experts, law enforcement, data protection authorities, and the Bundesamt für Sicherheit in der Informationstechnik to investigate the incident and contain the data leak. It has begun rebuilding its systems and is strengthening its security protocols to prevent future attacks. A dedicated hotline has been established for affected individuals to seek further information.

Description

On March 28, 2023, BIG direkt gesund experienced unauthorized access to its IT systems. Immediately following this security incident, the company, together with external experts, initiated a comprehensive review of its entire IT infrastructure. A primary focus of this investigation was a detailed forensic analysis to determine whether the unauthorized access had resulted in a data leak. The complexity and vast volume of data stored on its systems made this investigation particularly arduous. On June 21, 2023, this analysis confirmed that during the intrusion, data had indeed been accessed and partially exfiltrated. Subsequently, through its monitoring activities, the company identified the publication of individual data sets on the Darknet that likely originated from the March IT security incident. The affected data includes sensitive personal health information, the security of which is stated to be of the highest priority for the organization.

The company is currently engaged in the active analysis of the data published on the Darknet to ascertain its exact provenance and content. BIG has committed to contacting individuals directly and as quickly as possible should it find evidence that their specific personal data is among the published information. The investigation and recovery efforts are being conducted in close cooperation with external IT security specialists, law enforcement authorities, data protection regulators, and the German Federal Office for Information Security (BSI). As part of the containment and recovery process, the company is comprehensively rebuilding its IT systems with the support of these external experts. This incident has prompted an intensive review of existing security protocols and the implementation of additional protective measures to prevent future attacks, despite the organization's previously high security standards. The company expresses sincere regret that this attack succeeded in allowing unauthorized parties to retrieve data, particularly given the sensitive nature of the health-related information involved.
