Medatixx, a leading German medical software provider serving over 21,000 medical facilities and 40,000 physicians, suffered a severe ransomware attack that forced a complete halt in operations. The attack encrypted critical parts of their IT infrastructure, crippling internal access and disrupting company-wide functions. While Medatixx confirmed that the practice management systems (PVS) and customer-facing operations remained unaffected, the extent of data exfiltration if any remains unclear, leaving uncertainty over whether sensitive patient, physician, or corporate data was compromised.The company has contained the breach internally but continues recovery efforts as of November 10, with only email and telephone services partially restored. As a precaution, all users were advised to change passwords immediately, signaling potential risks of credential exposure. The attack’s primary impact was operational paralysis, though the lack of confirmed data theft or external damage to customers mitigates the severity slightly. However, the prolonged downtime and reliance on manual workarounds (e.g., paper-based processes) underscore the attack’s disruptive potential, particularly for a provider integral to Germany’s healthcare ecosystem.
TPRM report: https://www.rankiteo.com/company/medatixx
"id": "med5063950090625",
"linkid": "medatixx",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Unknown (precautionary password '
'reset advised for all users)',
'industry': 'Healthcare IT',
'location': 'Germany',
'name': 'Medatixx',
'size': 'Supports 21,000+ medical facilities and '
'40,000+ physicians',
'type': 'Medical Software Provider'}],
'customer_advisories': ['Password change advisory'],
'data_breach': {'data_encryption': ['Important parts of IT systems '
'encrypted']},
'description': 'Medatixx, a German medical software provider serving over '
'21,000 medical facilities and 40,000 physicians, suffered a '
'ransomware attack that encrypted critical IT systems, forcing '
'a halt in operations. The attack did not impact customer PVS '
'(practice management systems), but the company advised users '
'to change passwords as a precaution. As of November 10, only '
'email and telephone access have been restored, with recovery '
'ongoing. It remains unclear if sensitive data (customer, '
'physician, or patient) was accessed or exfiltrated.',
'impact': {'downtime': 'Ongoing as of November 10 (partial recovery: email '
'and telephone access restored)',
'operational_impact': 'Severe (operations halted, partial recovery '
'in progress)',
'systems_affected': ['IT systems (encrypted)',
'Company operations (halted)']},
'investigation_status': 'Ongoing (as of November 10)',
'ransomware': {'data_encryption': True},
'recommendations': ['Immediate password changes for all users as a '
'precaution'],
'references': [{'source': 'Acronis Cyber Protect (advertisement context)'}],
'response': {'communication_strategy': ['Public disclosure',
'User advisory for password changes'],
'containment_measures': ['Internal containment (attack limited '
'to Medatixx systems)'],
'incident_response_plan_activated': True,
'recovery_measures': ['Ongoing recovery efforts as of November '
'10'],
'remediation_measures': ['Password reset advisory for all users',
'Partial system recovery (email and '
'telephone access)']},
'stakeholder_advisories': ['Password change advisory for all users'],
'title': 'Ransomware Attack on Medatixx Disrupts Operations',
'type': 'Ransomware Attack'}