A risk for patients. The hacked health data of more than 750,000 patients from a health establishment in the Ile-de-France region was put up for sale on Tuesday, confirmed cybersecurity expert Damien Bancal.
Also questioned, the Ministry of Health confirmed having been informed of this cyberattack by the Regional Health Agency (ARS) Île-de-France.
On a website, an anonymous user offered for sale a file containing the personal data of 758,912 people. “We cannot be sure of the reliability of these figures,” nevertheless clarified Damien Bancal, also author of the blog zataz.com.
According to the hacker, who revealed a sample of the stolen data online, the file put up for sale would contain sensitive elements: in addition to surnames, first names, email and postal addresses and dates of birth, medical information such as the identity of the doctor treatment or prescriptions would be particularly concerned.
The sales proposal included the name of Mediboard, a medical software deployed in health establishments, as well as the name of several private hospitals.
When questioned, the company Softway Medical, publisher of Mediboard, however indicated that the leak did not concern the software itself but a health establishment of the Aléo group which uses it. “The establishment's health data is not hosted at Softway Medical,” explained Déborah Draï, the company's communications manager.
Aléo Santé brings together 14 clinics or health centers and three retirement homes in Paris and the south of the Paris region, according to its website. The group did not immediately respond to requests.
“The measures associated with this type of incident are being implemented by the Aléo group in conjunction with the various authorities concerned,” specified the ministry, adding that “this event has no impact on the continuity of care and safety of care”.
“With all this information, we can create databases which are more and more precise and which are certainly the best way to know your future victim in order to carry out targeted phishing, to perhaps make a false call banking,” commented Benoit Grunemwald, cybersecurity expert at ESET, a company specializing in the field.
Since the start of the week, several companies have been victims of data leaks. The magazine The Point thus confirmed that its readers were affected, without revealing the number. Direct Assurance, a subsidiary of the Axa group, also indicated that 5,800 of its customers were affected. Their names, first names, email addresses and Iban (international bank account number) were stolen.
Related News :