Overview
- Unknown attackers gained unauthorized access to parts of Unimed’s IT systems in mid-April and stole data tied to private and self‑pay patient billing for several university hospitals.
- Police and state investigators have named affected clinics including Cologne, Freiburg, Ulm, Heidelberg, Homburg, Mainz and Augsburg as institutions whose billing records were involved.
- The Landeskriminalamt Saarland’s specialized cybercrime unit is leading the investigation and is actively securing and analysing digital evidence while withholding tactical details for investigative reasons.
- Unimed says its billing service for private patients and self‑payers was restored shortly after the incident and that so far there are no confirmed signs of targeted misuse of the data.
- Hospitals and cybersecurity experts warn that centralising sensitive billing records at one external provider raises systemic risk and could prompt regulatory, reputational and privacy consequences for affected patients and clinics.