A massive leak exposed the critical medico-administrative data of nearly half a million French patients
A file containing sensitive medical data (blood group, attending physician, comments on the state of health) for a list of nearly 500,000 people in France are circulating on the internet.
A file containing sensitive medical data for a list of nearly 500,000 people in France is circulating on the internet, AFP noted on Tuesday, following information from Liberation and the blog specializing in cybersecurity Zatz.
The file contains 491,840 names associated with contact details (postal address, telephone, email) and a social security number. They are sometimes accompanied by indications on the blood group, the attending physician or the mutual, or comments on the state of health (including a possible pregnancy), drug treatments, or pathologies (in particular HIV).
WHO investigated the subject, the data would come from about thirty medical biology laboratories, located mainly in the north-western quarter of France, using the same software for entering medico-administrative information. According to the newspaper, they correspond to samples taken between 2015 and October 2020.
This file can be found in 7 different places on the internet, “Damien Bancal, a cybersecurity journalist, who first identified the leak on February 14 on his Zataz blog, told AFP.
According to him, this file was the subject of commercial negotiation between several hackers on a Telegram group specializing in the exchange of stolen databases, and one of them distributed it for free following an argument.
500,000 data is already huge and there is nothing to prevent the thinking that hackers still have a lot more, “he told AFP.
Asked Tuesday evening by AFP, the National Information Systems Agency (Anssi) did not respond. The Council, the personal data police, and the general health directorate were not able to comment on this information either.