Sensitive medical data belonging to nearly half a million French people has been stolen and leaked online, according to a joint investigation by news source Libération and French cybersecurity blog Zataz.
The exposed data, which can be accessed from multiple sites, includes names, phone numbers, and postal addresses of 491,840 individuals. In some cases, it is accompanied by identifying information including Social Security number, birth date, blood type, GP, health insurance provider, medical treatments, HIV status, and pregnancy test results.
Libération found that the data was stolen from around 30 different medical laboratories located mainly in France's northwestern quarter. The news source said that the leaked information corresponds to samples taken between 2015 and October 2020, a period during which the laboratories were all using a particular type of medical administrative software published by the Dedalus Healthcare Systems Group.
“We are not certain that the sole reason for this incident was Dedalus software," Dedalus COO Didier Neyrat told international news agency Agence France-Presse (AFP).
"We have set up a crisis cell group as we are taking this seriously, and we will work in partnership with our clients to understand what has happened."
In an interview with AFP, Zataz journalist Damien Bancal said: “You can already find the files in seven different places online.”
He added that the stolen data had been in the possession of a number of malicious hackers who had intended to sell it on Telegram. However, one of them went rogue and leaked the information following a disagreement within the group.
Bancal suspects that the information that was leaked is not the only stolen data that has fallen into the hands of the hackers.
“500,000 data points is already huge, and we have no reason to doubt that the hackers have many more in their possession,” he said.
The security incident comes after an announcement by France's Ministry of Health that the data of 50,000 doctors and medical staff in France was being sold online in a cybercrime forum. Among the information exposed in this attack were usernames and passwords.
Sensitive medical data belonging to nearly half a million French people has been stolen and leaked online according to a joint investigation by news source Libération and French cyber-security blog Zataz.
The exposed data, which can be accessed from multiple sites, includes names, phone numbers and postal addresses of 491,840 individuals. In some cases, it is accompanied by identifying information including social security number, birth date, blood type, GP, health insurance provider, medical treatments, HIV status and pregnancy test results.
Libération found that the data was stolen from around 30 different medical laboratories located mainly in France's north-western quarter. The news source said that the leaked information corresponds to samples taken between 2015 and October 2020, a period during which the laboratories were all using a particular type of medical administrative software published by the Dedalus Healthcare Systems Group.
“We are not certain that the sole reason for this incident was Dedalus software," Dedalus COO Didier Neyrat told international news agency Agence France-Presse (AFP).
"We have set up a crisis cell group as we are taking this seriously, and we will work in partnership with our clients to understand what has happened."
In an interview with AFP, Zatav journalist Damien Bancal said: “You can already find the files in seven different places online.”
He added that the stolen data had been in the possession of a number of malicious hackers who had intended to sell it on Telegram. However, one of them went rogue and leaked the information following a disagreement among the group.
Bancal suspects that the information that was leaked is not the only stolen data that has fallen into the hands of the hackers.
“500,000 data points is already huge, and we have no reason to doubt that the hackers have many more in their possession,” he said.
The security incident comes after an announcement by France's Ministry of Health that the data of 50,000 doctors and medical staff in France was being sold online in a cybercrime forum. Among the information exposed in this attack was usernames and passwords.