The bottom line: A cyberattack on an external billing service provider led to a breach of health and personal data of nearly 2,800 patients at Mainz University Hospital.
A billing service provider based in Saarland was targeted by a cyberattack in mid-April. At University Medicine Mainz, data of 2,764 patients was compromised, including diagnoses and personal information.
A cyberattack on a service provider based in Saarland, which provides billing services for several university hospitals in Germany, occurred in early to mid-April 2024. At University Medicine Mainz, 2,764 patients were affected, as the hospital announced on 22 May. Only private patients and self-paying patients are affected.
The data of affected individuals falls into two categories: approximately 600 patients had sensitive health data such as diagnoses compromised. For approximately 2,100 additional affected individuals, personal data such as name, address or date of birth was compromised. In one case, financial data was also stolen. University Medicine Mainz is notifying all affected patients in writing.
The incident demonstrates the risks of outsourcing critical functions such as patient billing to external service providers. As a university hospital in Rhineland-Palatinate, the Mainz facility is subject to German data protection law and potentially the NIS2 Directive. The dependence of multiple university hospitals on a single central billing service provider increases the risk posed by such attacks.
Source: www.it-daily.net · Published 6 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.