German IT service provider Bitmarck has confirmed that it took all of its customer and internal systems offline following a cyber-attack discovered over the weekend.
Writing on a temporary website on Sunday (and then on Monday), the company said the cyber-attack was detected by its early warning systems.
“In compliance with our security protocol, we have taken down customer and internal systems from the grid in a controlled manner and conducted an impact analysis,” reads the blog post.
Bitmarck added that it does not believe customer data was affected by the breach.
“The patient data stored in the ePA [electronic patient file] was not at risk during the attack and remains secure. This data is subject to special protection under gematik regulations,” reads the post. Gematik is the national agency for the digitalization of the healthcare system in Germany.
According to Coalfire vice president Andrew Barratt, however, signs of data theft are often challenging to determine.
“The big concern would be if the Bitmarck infrastructure has been leveraged to move laterally into other healthcare environments,” Barratt told Infosecurity in an email.
“Large-scale healthcare infrastructure typically has a litany of third parties connected to their internal environments and often view very different types of connection. Tracking down the route in and out any given threat actor can take has a lot of layers of complexity.”
Since the breach, Bitmarck said it restored access to some services, including the digital processing of electronic incapacity certificates (eAU) and access to ePA.
Still, the tech giant clarified that there would be considerable restrictions in day-to-day business for the foreseeable future as entire data centers have been disconnected from the network since the attack.
“While few details have emerged about this incident, and it is never wise to speculate about cybersecurity matters without full insight, we have seen a clear and distinct trend toward destruction for destruction’s sake in cybersecurity incidents of late,” Conversant Group CEO, John Anthony Smith, told Infosecurity.
“Threat actors have been destroying backups, systems, and software, sometimes without discernible reason. In this case, it appears Bitmarck is following a solid restoration plan of staging their systems for a prioritized restoration approach to enable essential functions to operate as quickly as possible.”
The attack comes weeks after the Russia-affiliated hacktivist group KillNet was observed targeting healthcare applications hosted on Microsoft Azure infrastructure.