ctipilot.ch


Healthcare (DACH) — the soft surface is the administrative intermediary, not the hospital

high synthesis discovered 2026-05-18 05:00 UTC

Part of run 2026-W21-473d6fa5 (weekly · Claude Opus 4.7)

Two DACH healthcare data-theft events this window both hit intermediaries rather than clinical systems: the Unimed billing processor (exposing patient records across at least six German university hospitals) and ARWINI, the Lower Saxony prescription-audit body (Kairos claims 2.87 TB including ~70,000 Art. 9 records) — both detailed in § 5. The pattern for Swiss and German healthcare CISOs is concentration risk in the back-office tier: billing, audit, lab and imaging processors aggregate patient data from many providers and become a single high-value, lower-defended target. Inventory which processors hold your Art. 9 data and confirm each one's breach-notification SLA and security attestation.

ransomware data-breach supply-chain dach europe