Hackers steal patient and billing data from German hospitals via third-party provider
The large-scale data breach reportedly hit Unimed, a company that handles billing services for privately insured and self-paying patients on behalf of numerous German hospitals.
German university hospitals are grappling with a large-scale patient data breach after unknown hackers targeted an external billing service provider used by medical centers across the country, according to statements from several affected medical institutions.
The attack reportedly hit Unimed, a company that handles billing services for privately insured and self-paying patients on behalf of numerous German hospitals. Hospitals said the breach did not compromise their own clinical infrastructure or disrupt patient treatment.
Several university hospitals, including those in Cologne, Freiburg, Heidelberg, Tübingen, Ulm and Mannheim, disclosed Thursday that patient information had been stolen after attackers breached the service provider in mid-April. The scale of the breach varied by hospital.
Source: https://therecord.media/hackers-steal-patient-billing-data-german-hospitals
Related breach coverage
- Third-Party Cyberattack Impacts Patient Information at The Oncology Institute2026-05-26
The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack. The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025 while the vendor’s investigation was […]
- IMA Diligence Services Data Breach Impacts 525,000 People2026-06-03
The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts 525,000 People appeared first on SecurityWeek.
- A Fake UK Visa Site Left 100,000 Passports Wide Open2026-05-28
A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British government. It’s a third-party service, apparently operated by a UAE-registered company called Active Leadgen LLC, that charges fees to help people apply […]
- DocketWise Data Breach Impacts 143,0002026-05-25
Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories. The post DocketWise Data Breach Impacts 143,000 appeared first on SecurityWeek.