A file containing sensitive medical data for a list of nearly 500,000 people in France is circulating on the Internet, AFP noted on Tuesday February 23, following information from Release and the blog specialized in cybersecurity Zataz.
→ EXPLANATION. Hospitals remain prime targets for cyber attacks
The file contains 491,840 names associated with contact details (postal address, telephone, e-mail) and a social security number. They are sometimes accompanied by indications on the blood group, the attending physician or the mutual, or comments on the state of health (including a possible pregnancy), drug treatments, or pathologies (in particular HIV).
Software from the Dedalus group implicated
According to Release, who investigated the subject, the data would come from about thirty medical biology laboratories, located mainly in the north-western quarter of France. They correspond, according to the newspaper, to samples taken between 2015 and October 2020, a period which coincides for the laboratories questioned with the use of the same software for entering medico-administrative information published by the Dedalus group.
→ READ. Cybersecurity, an increasingly strategic issue
“We have no certainty as to the fact that it is only Dedalus France software which is at issue in this case”, responded the Deputy CEO of Dedalus France, Didier Neyrat. “We have set up a crisis unit because we take this seriously and we will work in partnership with our customers to understand what happened”, he added. “We can find this file in seven different places on the Internet”, said Damien Bancal, journalist specializing in cybersecurity, who first identified the leak on February 14 on his blog Zataz.
Asked Tuesday, February 23 by AFP, the National Information Systems Agency (Anssi), the personal data gendarme (Cnil) and the Directorate General of Health (DGS) were not able to comment.
Multiplication of computer attacks
Computer attacks are currently increasing against healthcare establishments in France. Computer hackers paralyzed the hospitals of Dax and Villefranche-sur-Saône on February 8 and 15. On February 19, the Agence du numérique en santé also indicated on its site that a list of 50,000 login credentials for hospital center agents was for sale on a cybercriminal forum.
“There were 27 cyberattacks on hospitals in 2020 and since the start of 2021, it’s been one attack per week”, thus noted last week the Secretary of State in charge of digital, Cédric O. This upsurge has led the government to deploy new budgets to strengthen the security of these establishments.