The breaches occurred in early February. Threat actors reportedly gained access to Viamedis' IT systems on January 29th. Four days later, Almerys also reported a similar incident. The compromised data includes patients' personal information such as names, birth dates, social security numbers, and details of their contract with their health insurance.
The French data privacy watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), confirmed that financial and medical data, as well as postal and email addresses, were not affected by the breach. However, the extent of the breach remains unknown.
Following the breaches, the CNIL opened an investigation to assess whether appropriate measures were taken in due time by Viamedis and Almerys as required by the General Data Protection Regulation (GDPR). The health insurance companies are responsible for informing their customers. Viamedis and Almerys are continuing their investigations to determine the true extent of the leak. In the meantime, French citizens have been advised to be cautious, particularly of any messages purporting to offer the reimbursement of health costs, and to make regular checks of their bank accounts.
References
(1) France: 33 Million Social Security Numbers Exposed in Health Insurance .... https://www.infosecurity-magazine.com/news/france-33-million-social-security/.
(2) Two massive healthcare data breaches just exposed more than half of .... https://www.itpro.com/security/data-breaches/two-massive-healthcare-data-breaches-just-exposed-more-than-half-of-frances-population.
(3) 20 million health insurance policyholders in France at risk following .... https://www.bitdefender.com/blog/hotforsecurity/20-million-health-insurance-policyholders-in-france-at-risk-following-data-breach/.
(4) Health insurance: Data of more than 500,000 people stolen in France. https://www.databreaches.net/health-insurance-data-of-more-than-500000-people-stolen-in-france/.
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Invitations for Annual Sponsorship of IISF has now reopened.
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more