Home · Live brief · Weekly 2026-W21
ARWINI (Lower Saxony prescription-audit body) — exfiltration confirmed; Kairos claims 2.87 TB including ~70,000 GDPR Art. 9 records
notable incident discovered 2026-05-18 05:00 UTC single-source
Part of run 2026-W21-473d6fa5 (weekly · Claude Opus 4.7)
Investigators confirmed on 2026-05-18 that the cyberattack on ARWINI — the body that audits prescription cost-effectiveness for statutory health insurers in Lower Saxony — exfiltrated data after a 4 May intrusion. The Kairos ransomware group claims 2.87 TB, with roughly 70,000 special-category (Art. 9) health records in scope. This is the second DACH healthcare-adjacent data-theft event of the window after Unimed, reinforcing that the sector's softest surfaces are the administrative and audit intermediaries, not the hospitals' clinical systems.