ctipilot.ch

Six German university hospitals — patient records exfiltrated via billing processor Unimed

notable incident discovered 2026-05-18 05:00 UTC

Part of run 2026-W21-473d6fa5 (weekly · Claude Opus 4.7)

Unimed, a Saarland-based billing-service provider that handles private-insurance and self-payer invoicing for an estimated 95% of German university hospitals, was breached in mid-April 2026. Patient billing data for at least six university hospitals was stolen, including Uniklinikum Freiburg and Uniklinik Köln, which issued their own notifications on 2026-05-21. As of 2026-05-24, The Record tallies ~96,600 records across four named hospitals, with further hospitals affected per heise's per-hospital breakdown. The defender lesson is the concentration multiplier: one processor breach simultaneously becomes a GDPR Art. 33/34 event for every covered hospital. CH/EU healthcare entities should inventory which billing, lab, and imaging processors hold their patient data and confirm each processor's breach-notification SLA.

ransomware data-breach supply-chain dach europe