The hacked health data of more than 750,000 patients from a health center in the Ile-de-France region was put up for sale on Tuesday, cybersecurity expert Damien Bancal confirmed to AFP.
Also questioned, the Ministry of Health confirmed having been informed of this cyberattack by the Regional Health Agency (ARS) Île-de-France.
Name, surname, medical information…
On a website, an anonymous user put up for sale a file containing the personal data of 758,912 people.
According to the hacker, who revealed a sample of the stolen data online, the file put up for sale would contain sensitive elements: in addition to surnames, first names, postal and email addresses and dates of birth, medical information such as the identity of the treatment or the doctor’s prescriptions would be especially concerned.
The sales proposal included the name of Mediboard, a medical software deployed in health facilities, as well as the name of several private hospitals.
Questioned by AFP, the company Softway Medical, publisher of Mediboard, however indicated that the leak did not refer to the software itself, but to a health establishment of the Aléo group that uses it. “The establishment’s health data is not hosted by Softway Medical,” clarified Déborah Draï, the company’s communications manager.
Aléo Santé brings together 14 clinics or health centers and three nursing homes in Paris and the south of the Paris region, according to its website.
The group did not immediately respond to AFP requests.
Measures taken by Aléo
“The measures associated with this type of incident are being implemented by the Aléo group in collaboration with the different authorities concerned,” the ministry specified, adding that “this event has no impact on the continuity of assistance and the security of the attendance”.
“With all this information, we can create increasingly precise databases that are undoubtedly the best way to know your future victim to carry out targeted phishing, perhaps to make a fake bank call,” Benoit told AFP. Grunemwald. , cybersecurity expert at ESET, a company specialized in the subject.
Since the beginning of the week, several companies have been victims of data leaks.
Le Point magazine thus confirmed that its readers were affected, without revealing the number.
Direct Assurance, a subsidiary of the Axa group, also indicated that 15,000 of its clients were affected. Their names, surnames, email addresses and Iban (international bank account number) were stolen.
Source: BFM TV