### Large-Scale Data Breach Impacts German Hospitals German university hospitals, including those in Cologne, Freiburg, Heidelberg, Tübingen, Ulm and Mannheim, have disclosed a significant patient data breach. The incident stemmed from a cyberattack targeting **Unimed**, a company providing billing services for privately insured and self-paying patients. Hospitals have stated that their internal clinical infrastructure remained secure and patient treatment was not disrupted. However, the data breach at **Unimed** has exposed sensitive patient information. ### Breach Details Vary by Hospital The scale of the breach varies among the affected hospitals. **University Hospital Cologne** reported that nearly 30,000 individuals were affected. Attackers accessed names, addresses, and treating physician information. In over 840 cases, additional health-related details, including communications with the billing provider, were exposed. Bank and payment data was compromised in five instances. Hospitals in Baden-Württemberg also reported significant breaches. **Freiburg University Hospital** reported the theft of basic personal data from approximately 54,000 patients, along with billing information tied to diagnoses or treatments in about 900 cases. **Heidelberg University Hospital** indicated that around 11,000 patients were affected, with billing information potentially exposed for roughly 2,700 of them. **Ulm University Hospital** reported approximately 1,600 affected patients, including about 300 cases involving diagnosis and treatment information. The compromised data primarily affects privately insured patients, those with supplemental insurance, and self-paying patients, including some international patients. Patients covered solely through Germany’s statutory public health insurance system were generally not affected. ### Response and Investigation The affected hospitals have suspended data transfers to **Unimed**. The billing service provider has yet to issue a statement regarding the attack and has not responded to requests for comment. The identity of the attackers and the specific nature of the cyberattack remain unknown, and no ransomware group has claimed responsibility. Several hospitals are considering legal action against **Unimed**. **Heidelberg University Hospital** has filed a criminal complaint against unknown individuals. "Health data is among the most sensitive data of all. Its theft is a serious infringement on the rights of those affected," stated Frederik Wenz, medical director of **Freiburg University Hospital**. "We take this incident very seriously and demand a full investigation from the service provider. We are also examining legal options.”