Medical software firm urges password resets after ransomware attack

Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations.

The firm clarified that the impact has not reached clients and is limited to their internal IT systems and shouldn't affect any of their PVS (practice management systems).

However, as it is unknown what data was stolen during the attack, threat actors may have acquired Medatixx customers' passwords.

Therefore, Medatixx is recommending that customers perform the following steps to make sure their practice management software remains secure:

1. Change user passwords on practice software (instructions).
2. Change Windows logon passwords on all workstations and servers (instructions).
3. Change TI connector passwords (instructions).

The firm explained that the above are precautionary measures, but they should be applied as soon as possible.

The software products whose users should respond to this emergency are the following:

• easymed
• medatixx
• x.comfort
• x.concept
• x.isynet
• x.vianova

Still recovering from attack

The ransomware attack on Mediatixx took place last week, and the company is still recovering, so far only managing to restore e-mail and central telephone systems.

Also, regional sales partners and all customer support lines are up and running, so clients can reach out to company representatives to address any concerns they may have.

There's no estimate for when the company will return to normal operational status.

Finally, it has not been determined if the actors managed to exfiltrate any client, doctor, or patient data. However, the company states they informed Germany's data protection authority has about the incident and will issue an update after the investigations are concluded.

"It is not known at this point whether or not, and to what extent any data was stolen. It can therefore not be ruled out that the data stored by us has been stolen," Mediatixx explained in the translated advisory.

According to Heise Online, Mediatixx solutions are used in about 25% of all medical centers in Germany, and this could be the biggest cyberattack ever to hit the country's healthcare system.

Moreover, the German news outlet speculates that the actors could exfiltrate user credentials from remote maintenance systems.

This incident is happening at the worst possible moment, as Germany is dealing with a record-high number of COVID-19 cases.

The pandemic already strains hospitals in the country, and the last thing they needed was losing access to essential support software tools or performing system-wide resets.