A gigantic leak. A file containing sensitive medical data on nearly 500,000 people in France is circulating on the internet, AFP noted on Tuesday 23 February, following reports from CheckNews, the fact-checking site of “Libération”, and from the cybersecurity blog Zataz. Initially shared by hackers, the database continues to be distributed online for free.
Social Security number, date of birth, blood type, address, cell phone number, prescribing doctor and even usernames and passwords probably allowing access to medical results… Each line contains up to 60 pieces of information on the same person, reports CheckNews. Sometimes even the words “pregnancy”, “brain tumor” or “HIV positive” appear. In all, the file is said to contain 491,840 lines for almost as many French patients.
As our colleagues point out, this leak is a gold mine for cybercriminals: so much personal data makes the people concerned vulnerable to attempts at “phishing” or “personalized phishing”. There is also a risk of identity theft.
Data entry software as a common denominator
These data come from around thirty medical biology laboratories, located mainly in Morbihan, Eure, Loiret, Côtes-d’Armor and Loir-et-Cher, according to CheckNews, which contacted at random various doctors appearing in the list to verify the data.
The National Information Systems Security Agency (ANSSI) has reportedly been aware of the existence of this database since at least last weekend, but the laboratories contacted by CheckNews say they were not informed.
According to “Libération”, what the laboratories contacted have in common is the use of the same software for entering medico-administrative information, marketed by Dedalus France. This software has reportedly been phased out over the years and is no longer updated.
A leak deemed “extremely serious”
This data was reportedly first shared on a Turkish Telegram channel whose members included a hacker “known for selling data”, according to blogger Damien Bancal, who was the first to spot the file. According to him, a quarrel between several hackers seeking to sell this highly sensitive data ultimately led to its free publication. However, the question remains whether this file is complete or only an extract. “We can find this file in 7 different places on the internet”, Damien Bancal told AFP.
For Mickael Behrens, who markets management software for healthcare professionals, this distribution is “extremely serious”. “I have never heard of such a massive leak in France. But it hung up on us. There are so many bad practices in the sector…”, he tells CheckNews.