Names, first names, dates of birth, attending physician… Data from more than 750,000 people was put up for sale on Tuesday on the internet according to a cybersecurity expert.
Company
From daily life to major issues, discover the subjects that make up local society, such as justice, education, health and family.
France Télévisions uses your email address to send you the “Society” newsletter. You can unsubscribe at any time via the link at the bottom of this newsletter. Our privacy policy
According to the hacker, who revealed a sample of the stolen data online, the file put up for sale would contain sensitive elements: in addition to surnames, first names, email and postal addresses and dates of birth, medical information such as the identity of the doctor treatment or prescriptions would be particularly concerned. Personal data of 758,912 people.
“We cannot be sure of the reliability of these figures.“, nevertheless clarified Damien Bancal, also author of the zataz.com blog.
The Ministry of Health confirmed having been informed of this cyberattack by the Île-de-France Regional Health Agency (ARS).
The sales proposal included the name of Mediboard, a medical software deployed in health establishments, as well as the name of several private hospitals.
Questioned by AFP, the company Softway Medical, publisher of Mediboard, however indicated that the leak did not concern the software itself, but a health establishment of the Aléo group which uses it. “The establishment's health data is not hosted by Softway Medical“, specified Déborah Draï, head of communications for the company.
Aléo Santé brings together 14 clinics or health centers and three retirement homes in Paris and the south of the Paris region, according to its website.
“The measures associated with this type of incident are being implemented by the Aléo group in conjunction with the various authorities concerned. said the ministry, adding that “that this event has no impact on the continuity of care and the safety of care“.
“With all this information, we can create databases which are more and more precise and which are certainly the best way to know your future victim in order to carry out targeted phishing, perhaps to make a false bank call.“, commented to AFP Benoit Grunemwald, cybersecurity expert at ESET, a company specializing in the field.
The Aléo group did not immediately respond to requests from AFP.
Several companies have been victims of data leaks in recent weeks, such as the telephone operator Free and the magazine Le Point. Direct Assurance, a subsidiary of the Axa group, also indicated that 15,000 of its customers were affected by data hacking: their names, first names, email addresses were stolen, as well as their Iban (international bank account number) for 5,800 between them, the company said.
