ARWINI (Lower Saxony prescription-audit body) — exfiltration confirmed; Kairos claims 2.87 TB including ~70,000 GDPR Art. 9 records
From CTI Weekly Summary — 2026-W21 (May 18 – May 24, 2026) · published 2026-05-18
Investigators confirmed on 2026-05-18 that the cyberattack on ARWINI — the body that audits prescription cost-effectiveness for statutory health insurers in Lower Saxony — exfiltrated data after a 4 May intrusion. The Kairos ransomware group claims 2.87 TB, with roughly 70,000 special-category (Art. 9) health records in scope. This is the second DACH healthcare-adjacent data-theft event of the window after Unimed, reinforcing that the sector's softest surfaces are the administrative and audit intermediaries, not the hospitals' clinical systems.