“Name, first name, telephone number and/or postal address”. The “administrative data” of some 15 million French individuals had been hacked throughout an assault that occurred on the finish of 2025 on 1,500 docs utilizing software program from the corporate Cegedim Santé, the Ministry of Health confirmed on Friday February 27.
For 169,000 sufferers, this knowledge is accompanied by free annotations entered by docs, “some of which may be sensitive data”, or “1% of cases”, specified the Ministry of Health throughout a press level organized the day after France 2’s revelations on this affair.
Also learnHacking of banking knowledge: France “very poor student” by way of cybersecurity
The writer of the focused software program, Cegedim Santé, admitted to having been the sufferer of a cyberattack on the finish of 2025, leading to a leak of sufferers’ private knowledge.
Between 11 and 15 million individuals might be affected, based on France 2, which revealed this affair on Thursday February 26. Among them, “very precise” knowledge is “openly accessible” on the web, stated the general public channel, based on which info on outstanding political leaders seems there.
According to Cegedim Santé, a significant participant within the medical knowledge internet hosting sector in France, which additionally manages the billing of healthcare professionals, among the many 3,800 docs utilizing its MLM software program, 1,500 had been victims of a cyberattack recognized on the finish of 2025.
“After extensive investigations, it appears that personal data of patients from the MLM software park was consulted or extracted illegally,” the corporate stated in a press launch, with out giving an estimate of the variety of individuals affected.
Cegedim referred to as to account
The Ministry of Health has ordered the corporate Cegedim, a significant provider of medical software program, to “immediately implement” corrective measures after a leak of sufferers’ private knowledge, the dimensions and penalties of which stay troublesome to evaluate.
The Minister of Health, Stéphanie Rist, has demanded accountability from the corporate, and “is awaiting the conclusions of the ongoing investigations and will ensure, in conjunction with the competent authorities, that full transparency is provided on this situation”, stating the duty of the “private service provider, responsible for data processing”.
See additionallyCybersecurity: is Europe depriving itself of its personal strengths?
This leak “does not result from a failure of the ministry’s systems, nor from an infrastructure directly under the control of the State”, she insisted.
A criticism was additionally filed with the general public prosecutor, she added.
But “health data has a very strong emotional dimension, because it affects the privacy” of people, which is why it “benefits from a higher level of legal protection than the list of your shopping in your loyalty card at the supermarket”, underlines skilled Nicolas Arpagian, director of technique for the corporate Jizô AI, to AFP.
“Underinvestment”
For Gérôme Billois, cybersecurity skilled at Wavestone, this “very serious” leak, which might be “the biggest in France” in well being, could have “irremediable consequences”. Because “health information that says ‘you have this illness’, once it is out, you will never be able to go back,” he advised AFP.
He sees this because the consequence of “underinvestment in cybersecurity for years” within the well being sector.
For Nicolas Arpagian, “what makes this data so valuable is that it is constant: your social security number, your date of birth, your last name, your telephone number and your real email, not a disposable address…. This data persists: for a hacker, it is all the more monetizable as it can be resold over time to other cybercriminals, or fuel extortion attempts.”
(AFP)
https://www.france24.com/fr/france/20260227-donn%C3%A9es-m%C3%A9dicales-15-millions-de-fran%C3%A7ais-pirat%C3%A9es-sant%C3%A9-cyberattaque