Bitmarck, a German IT service provider, has stated that it took all of its client-facing and internal systems offline after discovering a cyberattack. On a temporary website, the company said the attack was identified by its early warning systems. In compliance with its security protocol, it disconnected its customer and internal systems from the network in a controlled manner and conducted an impact analysis. The company further believes that none of its clients’ data was affected by the breach. During the attack, patient data stored in the ePA (elektronische Patientenakte, the electronic patient file) was not at risk and remained secured; this data is subject to special protection under Gematik regulations. Gematik is Germany’s national agency for the digitalization of the healthcare system.
According to a vice president at a cybersecurity company, signs of data theft are frequently difficult to detect. The larger concern is whether the Bitmarck infrastructure could have been leveraged to move laterally into the healthcare environments it connects to. Large-scale healthcare infrastructure usually has an array of third-party connections into its internal environments and frequently maintains various associations with outside organizations, so tracing the routes a threat actor could take in and out involves several layers of complexity. The company clarified that there would be significant restrictions on daily operations for the foreseeable future, as entire data centers have been disconnected from the network since the cyberattack.
Even though several details have emerged from the incident, it is never wise to speculate about cybersecurity matters without full insight. There has been a clear and distinct trend in recent incidents toward destruction for destruction’s sake, with threat actors destroying backups, systems, and software for no apparent reason. Bitmarck appears to be implementing a solid restoration plan, staging its systems for a prioritized recovery so that vital functions can resume as quickly as possible. The attack comes just a few weeks after the Russia-affiliated threat group KillNet was discovered targeting healthcare applications hosted on Microsoft Azure infrastructure.
With threat operators and ransomware groups looking for any opportunity to breach networks and steal sensitive information, it is essential for companies to remain vigilant about the current threat landscape and to have an incident response plan in place before a cyberattack occurs. At SpearTip, our certified engineers work continuously in our 24/7/365 Security Operations Center in an investigative cycle, monitoring companies’ data networks for potential cyber threats. We offer pre-breach advisory services that allow our engineers to examine a client’s security posture for weak points within its networks. Our team engages with the company’s people, processes, and technology to measure the maturity of its technical environment. Our experts provide technical roadmaps for all vulnerabilities uncovered, giving companies the awareness and support they need to improve their overall cybersecurity posture. Our ShadowSpear platform, an integrable managed detection and response tool, provides a cloud-based solution that collects endpoint logs regardless of where machines are located.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.