
Cyber Incident Victim: Bundesinnungskrankenkasse Gesundheit

Date: Mar 2023

Location: Germany

Summary

The health insurer BIG direkt gesund experienced unauthorized access to its IT systems. The organization, working with external experts, later determined that data was accessed and partially exfiltrated during the breach. Monitoring revealed that some of this data was subsequently published on the darknet. The exfiltrated information potentially includes sensitive personal health data. The insurer is conducting a forensic analysis to identify the specific data impacted and is working with law enforcement and data protection authorities to investigate the incident and restrict the further spread of the published information.


Description

On or around March 28, 2023, the German health insurer BIG direkt gesund experienced unauthorized access to its IT systems. The organization responded by immediately initiating a comprehensive review of its entire IT infrastructure in collaboration with external experts. This initial investigation included an in-depth analysis to determine whether the security incident had resulted in data exfiltration. Because of the sheer volume of data residing on its systems, the process of identifying which specific data may have been accessed and stolen was described as very complex and laborious.


The investigation into a potential data breach continued for nearly three months. On June 21, 2023, the organization learned that data had indeed been accessed and partially extracted during the initial unauthorized access. This confirmation was followed by the detection, via ongoing monitoring, of individual data samples published on the darknet. The published data were assessed as potentially originating from the IT security incident that occurred in March. The organization is currently analyzing these published datasets to determine their full content and origin. Should the analysis reveal that specific individuals' data is among the published information, the company has committed to contacting those affected as quickly as possible.

The incident involved sensitive health information, which the company acknowledged as being of the highest concern. In response to the attack, BIG direkt gesund is working closely with external specialists, law enforcement agencies, data protection authorities, and the Federal Office for Information Security to clarify the incident and identify measures to restrict the dissemination of the published data. The company has taken the event as an opportunity to intensively review its security protocols and implement additional security measures, including a complete rebuild of its systems alongside a comprehensive audit of its security posture to prevent similar future attacks.
