ÖKK Kranken- und Unfallversicherungen AG

ÖKK Kranken- und Unfallversicherungen AG, operating under the brand ÖKK, is a Swiss health and accident insurance company. It provides the mandatory basic health insurance required by the Swiss Federal Health Insurance Act (KVG) to residents of Switzerland. In addition to basic coverage, ÖKK offers supplementary health insurance products that complement the basic plan. The company also underwrites accident insurance policies that comply with Swiss accident insurance regulations. ÖKK serves private individuals, families, and employers, offering group insurance solutions for companies seeking to insure their workforce. Its distribution channels consist of direct sales, partnerships with brokers, and online platforms that enable customers to obtain quotes, manage policies, and submit claims. The insurer emphasizes preventive health services, such as wellness programs and health check‑ups, aimed at supporting the well‑being of its members. All of ÖKK’s products are designed to meet the regulatory standards set by the Swiss Financial Market Supervisory Authority (FINMA) and the Federal Office of Public Health (FOPH).

On 25 May 2023, ÖKK disclosed that it had been targeted by the Clop ransomware group, which exploited a known vulnerability in the MOVEit Transfer file‑sharing application. The attackers gained unauthorized access to a file‑sharing server used by the company and exfiltrated certain personal data fields, specifically the first and last names of affected individuals. ÖKK confirmed that its core health insurance administration systems, which store detailed medical claims and treatment information, were not compromised during the incident. Upon discovering the breach, the insurer activated its incident response plan, engaged external cybersecurity specialists, and began forensic analysis to determine the scope of the data exposure. Following the experts’ assessment that the compromised server could be secured, ÖKK restored the affected MOVEit Transfer service to operation after applying the necessary security patches. The company promptly notified its business partners and service providers whose data might have been included in the exfiltrated files, in accordance with contractual and legal obligations. At the time of the public disclosure, ÖKK was conducting an internal review to decide whether direct communication to its individual customers about the name data leak was required under Swiss data protection law. The episode underscored the importance of vigilant third‑party risk management and demonstrated ÖKK’s reliance on coordinated external expertise to contain and recover from a ransomware attack.