The data of more than 750,000 patient files were stolen and sold: a health establishment victime d’une cyberattaque

An établissement de santé francilien was the victim of a cyberattack, in which more than 750,000 patient data were stolen. The latter were put up for sale on Tuesday, November 19, 2024.

Les cyberattacks fleurissent ces derniers temps. The hacked health data of more than 750,000 patients from a health institution was put up for sale on Tuesday, confirmed cybersecurity expert Damien Bancal à the AFP. On a website, an anonymous user is proposed to sell a file containing the personal data of 758,912 people.

Interrogé égamente, ministère de la Santé confirmed that it was informed of this cyberattack through the Regional Health Agency (ARS) Île-de-France. “One cannot be sure of the reliability of these figures”Damien Bancal, and the author of the blog zataz.com, stated nevertheless.

Often sensitive elements hacked

According to the pirates, who unveiled online a sample of the stolen data, the file contains sensitive elements : outre les noms, prénoms, adresses électroniques et postales et dates de naissance, des informations medicales tells that the identity du médecin treatant or les ordonnances would be specifically concerned. Sur la proposition de vente figured le nom de Mediboard, a medical software deployed in health establishments, ainsi que le nom de plusieurs hôpitaux privés.

Interrogated para the AFPthe company Softway Medical, publisher of Mediboard, has indicated, however, that it is not concerned with the software itself but an établissement de santé du groupe Aléo that uses it. “Les data of health of the station are not pas hébergées chez Softway Medical”said Déborah Draï, responsible for the company’s communication. Aléo Santé groups 14 clinics or health centers and three retirement homes in Paris and the south of the Paris region, according to its website. The group did not respond to inquiries the AFP dans l’immédiat

“Measures associated with this type of incident are being put in place by the Aléo group in conjunction with the competent authorities”a précisé le ministère, ajoutant que “cet event no pas d’impact sur la continuity des prises in charge et la sécurité des cares”. “With toutes ces informations, on peut créer des bases de plus en plus précis et qui sont certainly le meilleur moyen de knowledge of the future victim for lui faire de l’hameçonnage targeted, pour lui faire peut-être un faux appel . banking”a commenté aupres de the AFP Benoit Grunemwald, cyber security expert at ESET, specialist company.

Many victims of cyberattacks

Since the beginning of the week, several businesses have been victims of data breaches. Le Point magazine thus confirmed that ses lecteurs were reached, without revealing their names. Direct Assurance, subsidiary of the Axa group, indicated that 15,000 customers were involved. Their noms, prénoms, electronic addresses and IBAN (international bank account number) were stolen.