Clearly, data leaks are legion at the start of 2021. After the publication of the passwords of nearly 3.2 billion accounts, the leak of the day concerns hundreds of thousands of French citizens. Indeed and as reported by our colleagues from Liberation, the medical files of 491,840 French patients circulate on the web.
Around 30 laboratories in northwestern France have been the victim of a massive cyberattack. Unsurprisingly, these files contain sensitive data, such as the names of patients, their email addresses, their telephone numbers, information on their mutual health insurance, and sometimes comments on their current state of health. According to Liberation, these laboratories all used the same software to centralize their data. What to simplify the task of the pirates.
[ 🔓 Nouvelle fuite de données dans la santé française 🔓 ]
The chances are amazing. While hacking in the healthcare sector 🩺 is nothing new, since January 2021 cases 🔓 keep coming out of the pockets of hackers ☠
– ZATAZ – “o /” (@zataz) February 19, 2021
As the newspaper explains, these data are dated between 2015 and 2020. After having succeeded their coup, the hackers had planned to sell these files to the highest bidders. Only, the negotiations between the hackers would have gone badly, and one of the operators would have chosen to broadcast it on the Web. The various documents are dispatched on the web (for the time being, there are 7 sites which house this medical data).
According to Damien Bancal, journalist specializing in computer security and editor-in-chief of the site Zataz, hackers could be in possession of much more data. ” 500,000 pieces of data are already enormous and there is nothing to prevent hackers from having a lot more ”, he declared in the columns of Agence France Presse.
Also read: Cambridge Analytica – Are you the victim of Facebook?
How do I know if I am affected?
Usually, it is sufficient to go to certain dedicated sites such as HaveIbeenPwned to find out whether or not our email address has been compromised during a hack or a data breach. Unfortunately, that is not possible here. If you live in the north-west of France and you are a laboratory patient, we advises you to contact him quickly to find out if you are one of the victims.
Note that the law requires that establishments targeted by cyber attacks notify the authorities after 72 hours. It is therefore possible that you will receive a phone call from your laboratory once this deadline has passed. For its part, the CNIL, the National Commission for Informatics and Freedoms, opened an investigation this Wednesday, February 24. ” If there is a high risk to the rights and freedoms of natural persons, companies must also individually notify victims of the leak.” , ensures the institution.