Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Medical Software Firm Urges Password Resets After Ransomware Attack

Medical Software Firm Urges Password Resets After Ransomware Attack

Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations.

The firm clarified that the impact has not reached clients and is limited to their internal IT systems and shouldn’t affect any of their PVS (practice management systems).

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

However, as it is unknown what data was stolen during the attack, threat actors may have acquired Medatixx customers’ passwords.

Therefore, Medatixx is recommending that customers perform the following steps to make sure their practice management software remains secure:

  1. Change user passwords on practice software (instructions).
  2. Change Windows logon passwords on all workstations and servers (instructions).
  3. Change TI connector passwords (instructions).

The firm explained that the above are precautionary measures, but they should be applied as soon as possible.

The software products whose users should respond to this emergency are the following:

  • easymed
  • medatixx
  • x.comfort
  • x.concept
  • x.isynet
  • x.vianova

Still recovering from attack

The ransomware attack on Mediatixx took place last week, and the company is still recovering, so far only managing to restore e-mail and central telephone systems.

Also, regional sales partners and all customer support lines are up and running, so clients can reach out to company representatives to address any concerns they may have.

There’s no estimate for when the company will return to normal operational status.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

Finally, it has not been determined if the actors managed to exfiltrate any client, doctor, or patient data. However, the company states they informed Germany’s data protection authority has about the incident and will issue an update after the investigations are concluded.

“It is not known at this point whether or not, and to what extent any data was stolen. It can therefore not be ruled out that the data stored by us has been stolen,” Mediatixx explained in the translated advisory.

According to Heise Online, Mediatixx solutions are used in about 25% of all medical centers in Germany, and this could be the biggest cyberattack ever to hit the country’s healthcare system.

Moreover, the German news outlet speculates that the actors could exfiltrate user credentials from remote maintenance systems.

This incident is happening at the worst possible moment, as Germany is dealing with a record-high number of COVID-19 cases.

The pandemic already strains hospitals in the country, and the last thing they needed was losing access to essential support software tools or performing system-wide resets.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us