Healthcare (DACH) — the soft surface is the administrative intermediary, not the hospital

Two DACH healthcare data-theft events this window both hit intermediaries rather than clinical systems: the Unimed billing processor (exposing patient records across at least six German university hospitals) and ARWINI, the Lower Saxony prescription-audit body (Kairos claims 2.87 TB including ~70,000 Art. 9 records) — both detailed in § 5. The pattern for Swiss and German healthcare CISOs is concentration risk in the back-office tier: billing, audit, lab and imaging processors aggregate patient data from many providers and become a single high-value, lower-defended target. Inventory which processors hold your Art. 9 data and confirm each one's breach-notification SLA and security attestation.