Large-Scale Patient Data Breach Hits German University Hospitals via Billing Provider
German university hospitals are responding to a major patient data breach after hackers targeted Unimed, an external billing service provider used by medical centers nationwide. The attack, which occurred in mid-April, exposed sensitive information from thousands of patients across multiple institutions, though clinical systems and patient care remained unaffected.
The breach impacted hospitals in Cologne, Freiburg, Heidelberg, Tübingen, Ulm, and Mannheim, with varying degrees of exposure. University Hospital Cologne reported nearly 30,000 affected individuals, including 840 cases where health-related communications with the billing provider were compromised. In five instances, bank and payment data was also accessed. Freiburg University Hospital disclosed that 54,000 patients had basic personal data stolen, with 900 cases involving billing details tied to diagnoses or treatments. Heidelberg University Hospital identified 11,000 affected patients, including 2,700 with exposed billing records, while Ulm University Hospital reported 1,600 impacted individuals, with 300 cases involving treatment information.
Unimed processes invoices and administrative data for privately insured, self-paying, and some international patients, meaning those under Germany’s statutory public health insurance were largely unaffected. The hospitals have suspended data transfers to the provider, which has not publicly commented on the incident.
No ransomware group or threat actor has claimed responsibility, and the method of attack remains undisclosed. Several hospitals, including Heidelberg, have filed criminal complaints against unknown perpetrators, while others are exploring legal action against Unimed.
Freiburg University Hospital’s medical director, Frederik Wenz, emphasized the severity of the breach, stating, “Health data is among the most sensitive data of all. Its theft is a serious infringement on the rights of those affected.” The hospitals are demanding a full investigation from the service provider.
Source: https://therecord.media/hackers-steal-patient-billing-data-german-hospitals
Freiburg University Hospital TPRM report: https://www.rankiteo.com/company/uniklinikfr
Heidelberg University Hospital TPRM report: https://www.rankiteo.com/company/heidelberg-university-hospital-ukhd
Tübingen University Hospital TPRM report: https://www.rankiteo.com/company/universitätsklinikum-tübingen
Mannheim University Hospital TPRM report: https://www.rankiteo.com/company/unimedizinmannheim
Ulm University Hospital TPRM report: https://www.rankiteo.com/company/universit-tsklinikum-ulm-university-hospital-ulm-
"id": "heiuniuniuniuni1779453682",
"linkid": "heidelberg-university-hospital-ukhd, universitätsklinikum-tübingen, unimedizinmannheim, universit-tsklinikum-ulm-university-hospital-ulm-, uniklinikfr",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '30,000',
                        'industry': 'Healthcare',
                        'location': 'Cologne, Germany',
                        'name': 'University Hospital Cologne',
                        'type': 'Hospital'},
                       {'customers_affected': '54,000',
                        'industry': 'Healthcare',
                        'location': 'Freiburg, Germany',
                        'name': 'Freiburg University Hospital',
                        'type': 'Hospital'},
                       {'customers_affected': '11,000',
                        'industry': 'Healthcare',
                        'location': 'Heidelberg, Germany',
                        'name': 'Heidelberg University Hospital',
                        'type': 'Hospital'},
                       {'industry': 'Healthcare',
                        'location': 'Tübingen, Germany',
                        'name': 'Tübingen University Hospital',
                        'type': 'Hospital'},
                       {'customers_affected': '1,600',
                        'industry': 'Healthcare',
                        'location': 'Ulm, Germany',
                        'name': 'Ulm University Hospital',
                        'type': 'Hospital'},
                       {'industry': 'Healthcare',
                        'location': 'Mannheim, Germany',
                        'name': 'Mannheim University Hospital',
                        'type': 'Hospital'},
                       {'industry': 'Healthcare Administration',
                        'location': 'Germany',
                        'name': 'Unimed',
                        'type': 'Billing Service Provider'}],
 'data_breach': {'number_of_records_exposed': 'Approximately 96,600+ '
                                              '(aggregated from affected '
                                              'hospitals)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (health data, personally '
                                        'identifiable information, payment '
                                        'data)',
                 'type_of_data_compromised': ['Billing records',
                                              'Health-related communications',
                                              'Bank and payment data',
                                              'Diagnoses',
                                              'Treatments']},
 'date_detected': '2024-04-15',
 'description': 'German university hospitals are responding to a major patient '
                'data breach after hackers targeted Unimed, an external '
                'billing service provider used by medical centers nationwide. '
                'The attack exposed sensitive information from thousands of '
                'patients across multiple institutions, though clinical '
                'systems and patient care remained unaffected.',
 'impact': {'brand_reputation_impact': 'Severe infringement on patient rights, '
                                       'potential legal actions',
            'data_compromised': 'Sensitive patient data, including billing '
                                'records, health-related communications, bank '
                                'and payment data, diagnoses, and treatments',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Criminal complaints filed, potential legal '
                                 'action against Unimed',
            'operational_impact': 'Suspension of data transfers to Unimed',
            'payment_information_risk': 'High',
            'systems_affected': 'Unimed billing systems'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Incident description provided'}],
 'regulatory_compliance': {'legal_actions': 'Criminal complaints filed, '
                                            'potential legal action against '
                                            'Unimed',
                           'regulations_violated': ['GDPR',
                                                    'German data protection '
                                                    'laws']},
 'response': {'containment_measures': 'Suspension of data transfers to Unimed',
              'law_enforcement_notified': 'Criminal complaints filed by '
                                          'Heidelberg University Hospital and '
                                          'others'},
 'title': 'Large-Scale Patient Data Breach Hits German University Hospitals '
          'via Billing Provider',
 'type': 'Data Breach'}